Policy based routing

winpwnkmr
Level 1

Hi,

I want to configure PBR on a Cisco router. That router is connected to 2 Cisco ASAs with 2 different ISPs.

FW1           FW2
  |___________|
        |
       RO
        |
     Server

The default route for the router is FW1. Various VLANs are configured and inter-VLAN routing is working on that router.

I want that if any request comes for the server from IP 100.20.15.5 (outside traffic) via FW2, the response should be sent back by the same route, i.e. via FW2.

Currently the request is coming from FW2 to the server, but as the default route is FW1, the outside user is not getting any response from the server. I have configured policy routing but it's not working; below is the configuration:

interface GigabitEthernet0/0.14
description "Server VLAN"
encapsulation dot1Q 14
ip address 172.16.14.254 255.255.255.0
ip policy route-map t_mob
!
interface GigabitEthernet0/1.18
description "Connected to FW2"
encapsulation dot1Q 18
ip address 10.2.2.6 255.255.255.248
!
ip access-list extended t_mob_routemap
description "Outside user IP"
permit ip host 100.20.15.5 any
deny   ip any any
!
route-map t_mob permit 10
match ip address t_mob_routemap
set interface GigabitEthernet0/1.18
!

Please suggest what the problem is.

Thanks,

Pawan


Jon Marshall
Hall of Fame

Pawan

ip access-list extended t_mob_routemap
description "Outside user IP"
permit ip host 100.20.15.5 any
deny   ip any any

Is 100.20.15.5 a user on the Internet? If so you need to modify the above ACL to

permit ip any host 100.20.15.5

Jon

Hi,

Jon is right, you have to change the access list.

But also you can forget about policy based routing and just put the static route

ip route 100.20.15.5 255.255.255.255 FW2IP

and all the traffic with destination 100.20.15.5 will go through FW2.
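To show why the poster's ACL never matches the server's replies while Jon's rewritten ACL and Ernest's /32 static route both send them towards FW2, here is an added Python model of the router's forwarding decision (example code written for this page, not anything posted in the thread). The server address 172.16.14.10, the simplified host/any ACL matcher, and the placeholder next-hop names FW1IP and FW2IP are assumptions.

```python
import ipaddress

# Constructed sample topology from the thread: the server VLAN is 172.16.14.0/24,
# the outside user is 100.20.15.5, FW1 is the default route and FW2 is reached
# via Gi0/1.18. FW1IP/FW2IP stand in for next-hop addresses the thread does not give.
SERVER = "172.16.14.10"
OUTSIDE_USER = "100.20.15.5"

def acl_entry_matches(entry, src, dst):
    """Evaluate one 'permit/deny ip <src> <dst>' ACE where each side is 'any' or a host IP."""
    def side_matches(spec, addr):
        return spec == "any" or spec == addr
    return side_matches(entry["src"], src) and side_matches(entry["dst"], dst)

def pbr_egress(acl, src, dst):
    """Return the route-map 'set interface' for a packet, or None if no ACE permits it."""
    for entry in acl:
        if acl_entry_matches(entry, src, dst):
            return entry.get("set_interface") if entry["action"] == "permit" else None
    return None  # implicit deny: packet falls through to the normal routing table

def static_route_lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) static routes, like the RIB does."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in ipaddress.ip_network(r[0])),
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)
    return best[1] if best else None

# The poster's ACL: matches packets FROM the outside user, never the server's replies TO him.
ORIGINAL_ACL = [{"action": "permit", "src": OUTSIDE_USER, "dst": "any",
                 "set_interface": "GigabitEthernet0/1.18"}]
# Jon's correction: the reply leaving the server VLAN has the outside user as DESTINATION.
FIXED_ACL = [{"action": "permit", "src": "any", "dst": OUTSIDE_USER,
              "set_interface": "GigabitEthernet0/1.18"}]
# Ernest's alternative: a /32 static route wins over the default route by prefix length.
STATIC_ROUTES = [("0.0.0.0/0", "FW1IP"), ("100.20.15.5/32", "FW2IP")]

def reply_path_original():
    return pbr_egress(ORIGINAL_ACL, SERVER, OUTSIDE_USER)  # None: falls to default via FW1

def reply_path_fixed():
    return pbr_egress(FIXED_ACL, SERVER, OUTSIDE_USER)     # Gi0/1.18 towards FW2

def reply_path_static():
    return static_route_lookup(STATIC_ROUTES, OUTSIDE_USER)  # FW2IP

if __name__ == "__main__":
    print(reply_path_original(), reply_path_fixed(), reply_path_static())
```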

Thanks Jon and Ernest.

Ernest

But also you can forget about policy based routing and just put the static route

ip route 100.20.15.5 255.255.255.255 FW2IP

Good point, I was so busy looking at the PBR config I overlooked the obvious!

Jon
