03-15-2010 12:58 PM - edited 03-04-2019 07:48 AM
Hi,
I want to configure PBR on a Cisco router. That router is connected to 2 Cisco ASAs with 2 different ISPs.
FW1       FW2
 |_________|
      |
      RO
      |
    Server
The default route for the router is FW1. Various VLANs are configured and inter-VLAN routing is working on that router.
I want that if any request comes for the server from IP 100.20.15.5 (outside traffic) via FW2, the response should be sent back by the same route, i.e. via FW2.
Currently the request is coming from FW2 to the server, but as the default route is FW1 the outside user is not getting any response from the server. I have configured policy routing but it's not working; below is the configuration:
interface GigabitEthernet0/0.14
 description "Server VLAN"
 encapsulation dot1Q 14
 ip address 172.16.14.254 255.255.255.0
 ip policy route-map t_mob
!
interface GigabitEthernet0/1.18
 description "Connected to FW2"
 encapsulation dot1Q 18
 ip address 10.2.2.6 255.255.255.248
!
ip access-list extended t_mob_routemap
 description "Outside user IP"
 permit ip host 100.20.15.5 any
 deny ip any any
!
route-map t_mob permit 10
 match ip address t_mob_routemap
 set interface GigabitEthernet0/1.18
!
Please suggest what the problem is.
Thanks,
Pawan
03-15-2010 01:09 PM
Pawan
ip access-list extended t_mob_routemap
 description "Outside user IP"
 permit ip host 100.20.15.5 any
 deny ip any any
Is 100.20.15.5 a user on the Internet? If so you need to modify the above ACL to
permit ip host
Jon
03-15-2010 09:44 PM
Hi,
Jon is right, you have to change the access list.
But also you can forget about policy based routing and just put the static route
ip route 100.20.15.5 255.255.255.255 FW2IP
and all the traffic with destination 100.20.15.5 will go through FW2.
03-16-2010 12:35 AM
Thanks Jon and Ernest.
03-16-2010 03:14 AM
Ernest
But also you can forget about policy based routing and just put the static route
ip route 100.20.15.5 255.255.255.255 FW2IP
Good point, I was so busy looking at the PBR config I overlooked the obvious!
Jon
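Why the posted policy never matches the server's replies, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation and the resulting PBR decision on the server VLAN. The server host 172.16.14.10, the second destination and the destination-match ACL are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

class Ace(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # CIDR network; 0.0.0.0/0 stands for "any"
    dst: str

ANY = "0.0.0.0/0"
OUTSIDE_USER = "100.20.15.5/32"

# ACL as posted in the question: the outside user is matched as the SOURCE.
ACL_POSTED = [Ace("permit", OUTSIDE_USER, ANY), Ace("deny", ANY, ANY)]
# Assumed correction: the outside user is matched as the DESTINATION of replies
# leaving the server VLAN (172.16.14.0/24, from the posted interface address).
ACL_DEST = [Ace("permit", "172.16.14.0/24", OUTSIDE_USER), Ace("deny", ANY, ANY)]

def acl_permits(acl, pkt):
    """First-match evaluation with an implicit deny, as in an extended ACL."""
    for ace in acl:
        src_ok = ip_address(pkt.src) in ip_network(ace.src)
        dst_ok = ip_address(pkt.dst) in ip_network(ace.dst)
        if src_ok and dst_ok:
            return ace.action == "permit"
    return False

def egress(acl, pkt):
    """PBR applied inbound on the server VLAN: a permit match is policy-routed
    to FW2, anything else falls through to the normal routing table."""
    return "FW2" if acl_permits(acl, pkt) else "FW1 (default route)"

# Constructed packets as they arrive on Gi0/0.14 from the server.
REPLY_TO_USER = Packet("172.16.14.10", "100.20.15.5")
OTHER_TRAFFIC = Packet("172.16.14.10", "198.51.100.7")

if __name__ == "__main__":
    for name, acl in (("posted", ACL_POSTED), ("destination-match", ACL_DEST)):
        print(f"{name:18} reply -> {egress(acl, REPLY_TO_USER)}, "
              f"other -> {egress(acl, OTHER_TRAFFIC)}")
```

With the posted ACL the reply leaves via FW1, a firewall that never saw the inbound request, which is why the outside user gets no response.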