Policy based routing (PBR) problem-anybody can resolve?

kibriam
Level 1

Current scenario:

Currently NAT is configured in PIX & no outgoing restriction. 172.16.16.x network static route entry.

Incoming traffic thru ISP2- www, http, https.

Outgoing traffic thru ISP2- all traffic allowed

Incoming traffic thru ISP1- smtp.

Note that www, IB & mail servers are configured with internal LAN IP and mapped with real IP in PIX.

The gateway router sends requests to the PIX and the PIX sends all traffic to the cisco2611, which redirects traffic onto 3 different paths as required.

Planning to do the following:

Incoming traffic thru ISP2- www, http, https.

Incoming traffic thru ISP1- smtp.

Outgoing traffic thru ISP2- no internet traffic allowed

Outgoing traffic thru ISP1- smtp & www/http

* To get the above I have configured the cisco2611 for policy-based routing for the expected services, but it is not working.

Please see the attached EBL diagram (ignore the IB diagram if it does not open) and the cisco2611 config below:

Cisco2611>ena
Password:
EBL-EXTROUTER#sh run
Building configuration...
!
interface FastEthernet0/0
 ip address 192.168.x.246 255.255.255.0 secondary
 ip address 203.112.195.y 255.255.255.240
 ip nat inside
 ip policy route-map traffic-redirect
!
interface Serial0/0
 description connected to BTTB Internet
 bandwidth 256
 ip address 203.112.192.x 255.255.255.252
!
interface FastEthernet0/1
 ip address 203.76.102.a 255.255.255.248
 ip nat outside
!
interface Serial0/1
 description connected to ITCL
 bandwidth 64
 ip address 192.168.1.6 255.255.255.252
!
ip local policy route-map traffic-redirect
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 203.76.102.1
ip route 0.0.0.0 0.0.0.0 203.112.192.x 100
ip route 172.16.16.0 255.255.255.0 192.168.1.5
ip route 172.16.16.0 255.255.255.0 203.112.195.22 100
ip route 172.16.17.0 255.255.255.0 192.168.2.5
ip route 172.16.17.0 255.255.255.0 203.112.195.22 100
ip route 192.168.4.0 255.255.255.0 FastEthernet0/0
ip route 203.112.195.16 255.255.255.240 FastEthernet0/0
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
route-map traffic-redirect permit 10
 match ip address 1
 set ip precedence priority
 set ip next-hop 203.76.102.x

Please send your opinion.

umedryk
Level 5

Your design looks good...

But as per my expectation, the following is not working:

Outgoing traffic thru ISP2- should not allow internet traffic

Outgoing traffic thru ISP1- smtp & www/http should be allowed

* To get the above I have configured the cisco2611 for policy-based routing for the expected services, but it is not working.
