
Policy Based Routing - Next Hop destination Matched

Hi,

 

I'm trying to come up with a solution where traffic that is not being sent to the proxy and is going to port 80 and 443 is sent to my next-hop, which in this case is my default route.

Example: I have a default route to go to my WAN firewall. However, we do have a GPO that forces the user to send all HTTP and HTTPS traffic to the proxy, but of course there are those tech-savvy users who use Firefox to bypass the proxy.

We want any traffic from the SVI destined to 0.0.0.0 on 80 and 443 to be sent to the default gateway.

But what I want in my route map is that if the default gateway the traffic is destined to, let's say 192.168.12.8, is down, then the matched traffic is sent to another gateway, 192.168.200.8.

Is that possible to do in an IP match set next-hop route map?

2 Replies

Dennis Mink
VIP Alumni

Try something like this:

 

ip access-list extended HTTP_ONLY
 permit tcp 10.10.10.0 0.0.7.255 any eq 80
 permit tcp 10.10.10.0 0.0.7.255 any eq 443
!
route-map HTTP_NEXTHOP permit 10
 match ip address HTTP_ONLY
 set ip next-hop x.x.x.x
!
interface gi0/1
 ip policy route-map HTTP_NEXTHOP

Please remember to rate useful posts, by clicking on the stars below.

Thank you for the info - Let me add that we are running DMVPN and unfortunately the route-base policy is not working. I think this is because of the NHRP but no one has been able to confirm that’s the case.