I have a routing objective that I am having trouble wrapping my head around. I have two offices with redundant 1 gig point to points in between. EIGRP manages the paths.
Baton Rouge which is where my internet connection is located and then New Orleans which routes across the point to points to Baton Rouge and then out to the internet.
I have two Internet gateways at Baton Rouge: The ASA which is the main internet gateway and a 2811 Router which is used for vpn and specific internet traffic.
The default gateway on the core switch at Baton Rouge is to the ASA. The default gateway on the New Orleans Core switch both point to the next hop which is the core switch at Baton Rouge. Therefore if someone at New Orleans routes to internet it follows the default route.
The issue I have is that I want one of these vlan networks to route a bit differently. I want this network to route out the 2811 instead of the ASA.
The network I need to route out of the 2811 is the 10.0.87.0/24 network which hangs off the New Orleans Core switch. The catch is, it cannot talk to any other internal network along the way. So I need to route it across the point to point over to the Baton Rouge core switch and then have the Baton Rouge core switch route it out of the 2811 for internet access.
I had this setup at Baton Rouge and it worked great with a route map. The challenge comes in when I add the extra hop. Any help would be greatly appreciated.
I have attached a diagram of how it is layed out.
Have you tried using the ip next-hop gateway clause in the route map? Specify the source traffic and then create a clause that makes its next hop gateway the 2811 instead of the ASA.
Thanks so much for the response. Let me give you guys some more info that might help explain.
So here is my config at New Orleans. Both Core switches have the following:
ip access-list extended GUEST-TO-2811
permit ip any any
route-map GUEST-TO-2811 permit 10
match ip address GUEST-TO-2811
set ip next-hop 10.0.1.5 <<<<<< not sure this will work due to WAN hop and test fail so far
description ***Demitasse Wireless***
ip address 10.0.87.3 255.255.255.0
ip policy route-map GUEST-TO-2811
standby 87 ip 10.0.87.1
standby 87 timers 1 5
standby 87 priority 201
standby 87 preempt delay minimum 300
standby 87 authentication md5 key-string 7 xxxxxxxxxxx
I am advertising 10.0.87.0 off both new orleans core switches via EIGRP as well so 10.0.1.5 knows how to get there. The thing is, where do I set the next hop? Notice on the New Orleans Core routers the statement "set ip next-hop 10.0.1.5" points to the 2811 which is on the other side of the WAN. Being the 2811 is not directly connected to the core switches in New Orleans, the traffic must pass over the WAN link to get to it. It must pass over the 172.x.x.x network shown in the diagram.
My assumption is that the route map will not work because of the hop in between 10.0.87 and 10.0.1.5.
So there where my understanding is breaking down.
Another idea would be to simply put an access list on the interface for 10.0.87.0/24. If you don't have to many other networks, you could simply deny any traffic trying to get to your other networks and permit everything else. Once permited traffic follows the normal default gateway heading towards the Internet, you create a policy to force it to use the 2811 based on its source address on the Baton Rouge router.
I am after exactly what you just spoke of. The only part that I am struggling with is which interface would I apply the route policy? Does the policy have to be applied to an interface or am I missing something?
Ive only done it by applying a route map on an inteface and as traffic hits it and matches the ACL. Is there another way to do this?
In other words I need to somehow match the traffic on the Baton Rouge Core before I can set the next hop. Trying to figure out the best way to do this.
Your PBR needs to be on both interfaces facing New Orleans in Baton Rouge as well.
Sent from Cisco Technical Support iPad App
Just create an acl and put a match statement in the route map. Something similar to below should work. I'm just using random numbers as an example.
match ip address 150
set ip next-hop
access-list 150 permit ip 10.0.87.0 0.0.0.255 any
You could then apply the policy to inbound traffic in Baton-Rouge
As ususal, I would test first, not just configure a production environment. Verify you get the results you're looking for before you apply to a production environment.