cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
433
Views
0
Helpful
1
Replies

Policy Based Routing

thisguy365
Level 1
Level 1

Working on a project to consolidate multiple routers for our various networks into 1 Catalyst switch stack, we are using catalyst 9300-24-T-As

 

The different networks we have need to go out different firewalls towards the internet, need to be able to communicate with each other and there is a branch office connected by fiber that we will have static routes to.

 

Trying to make sure i get the route-maps right.

My big hangup is that i dont understand when it decides to use the route-map vs Connected/Static routes.

Is it route-map>connected>static or connect>static>route-map or something else?

Any Input is appreciated.

 

192.168.254.50 and .20 are separate firewall connecting to other networks

192.168.252.1 is an interface on our ASA that has an inline webfilter attached

192.168.254.1 is an interface on our ASA that Nats outside

 

ip route 192.168.0.0 255.255.255.0 192.168.254.50
ip route 192.168.1.0 255.255.255.0 192.168.254.20

 

interface Vlan10
 description trusted
 ip address 192.168.17.1 255.255.255.0
!
interface Vlan30
 description servers
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan70
 description Training-Lab
 ip address 192.168.18.1 255.255.255.0
!
interface Vlan90
 description PHONES
 ip address 192.168.90.1 255.255.255.0
!

ip access-list standard PRIVATE-NETS
 permit 10.0.0.0 0.255.255.255
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255

!

route-map V10 deny 10
 match ip address PRIVATE-NETS
!
route-map V10 permit 100
 set ip next-hop 192.168.252.1

 

 

 

 

1 Accepted Solution

Accepted Solutions

Hello

How I see it is you have static routes stating that the two 192.168 x.x/24 subnets are reachable via their related next hops, Then you are then stating via a pbr deny statement to normal route any traffic related to 192.168.0.0/16.


So PBR will take precedence but due to the deny statement any 192.168.0.0/16 traffic will be routed normally be it by your static route statements


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

1 Reply 1

Hello

How I see it is you have static routes stating that the two 192.168 x.x/24 subnets are reachable via their related next hops, Then you are then stating via a pbr deny statement to normal route any traffic related to 192.168.0.0/16.


So PBR will take precedence but due to the deny statement any 192.168.0.0/16 traffic will be routed normally be it by your static route statements


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card