Participant

Route-map using 02 internet circuits

Hello guys!

Please, I need help with one issue that I'm facing.

I have 02 sites (A and B) connected by MPLS; both sites have an internet circuit, but after the internet circuit of site B went down, the default route was changed to use the internet from site A.

After this change, one web server that is on site B stopped working; the reason is that this server uses a public IP from the internet circuit of site B.

To solve this issue I created a PBR with an ACL matching the private IP (source) to any (destination).

The next-hop is the internet FW of site B.

Extended IP access list LOCAWEB
10 permit ip host 10.166.115.10 any
20 permit ip host 10.166.115.11 any

!

route-map ROUTE-LOCAWEB, permit, sequence 10
Match clauses:
ip address (access-lists): LOCAWEB
Set clauses:
ip next-hop 10.166.64.1
Policy routing matches: 0 packets, 0 bytes

!

The web server is working, but I lose connectivity to the server via its internal IP. All of my network is 10.0.0.0/8.

I already tried changing the ACL by adding the rules below, but when I do, both (internal and external) communication stops working.

08 deny ip host 10.166.115.10 10.0.0.0 255.0.0.0

09 deny ip host 10.166.115.11 10.0.0.0 255.0.0.0

Does anyone know how to solve this issue?

Thanks

Marcio

Accepted Solution
VIP Mentor

Hello
You probably need to amend your access-list to deny PBR for traffic between your hosts and 10.0.0.0/8.

ip access-list extended LOCALWEB
permit ip host 10.166.115.10 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 host 10.166.115.10
permit ip host 10.166.115.11 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 host 10.166.115.11


route-map ROUTE-LOCAWEB deny 5
match ip address LOCALWEB

route-map ROUTE-LOCAWEB permit 10
no match ip address LOCALWEB
set ip next-hop 10.166.64.1



Kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

5 REPLIES
Hello Paul,

Your ACL is considering just the communication with network 10.0.0.0/8; in this case, the traffic to the internet should continue using the default route and going to Site A, right?

I made the change and it worked fine.
Thank you very much.
Hello

Glad to see it's working - thank you for the feedback and rating.



Kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Hall of Fame Master

Hello Marcio,

ACLs use wildcard masks, so the additional lines should be:

08 deny ip host 10.116.15.10 10.0.0.0 0.255.255.255

09 deny ip host 10.116.15.11 10.0.0.0 0.255.255.255


Hope to help

Giuseppe
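As an added illustration (not part of any post in this thread), a small Python model of how the route-map from Paul's accepted answer is evaluated and of the wildcard-mask point Giuseppe raises. It assumes that sequence 10 still matches the original LOCAWEB ACL, and the destination addresses used as sample traffic are constructed values.

```python
import ipaddress
from typing import List, Optional, Tuple

Entry = Tuple[str, str, str, str, str]  # (action, src_base, src_wildcard, dst_base, dst_wildcard)

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard test: 0 bits in the wildcard must match the base, 1 bits are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl: List[Entry], src: str, dst: str) -> bool:
    """Extended ACL: first matching entry wins; the implicit deny at the end matches nothing."""
    for action, sb, sw, db, dw in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action == "permit"
    return False

def policy_next_hop(route_map, src: str, dst: str) -> Optional[str]:
    """PBR route-map: the first sequence whose ACL permits the packet decides.
    A deny sequence returns None (route normally); a permit sequence returns its next-hop."""
    for action, acl, next_hop in route_map:
        if acl_permits(acl, src, dst):
            return next_hop if action == "permit" else None
    return None  # no sequence matched: normal destination-based routing

def host(ip: str) -> Tuple[str, str]:
    return (ip, "0.0.0.0")

ANY = ("0.0.0.0", "255.255.255.255")
TEN_8 = ("10.0.0.0", "0.255.255.255")        # wildcard mask, as Giuseppe notes
TEN_8_BROKEN = ("10.0.0.0", "255.0.0.0")     # the subnet mask the first attempt used

# ACL LOCAWEB from the question: the two server hosts to anywhere
LOCAWEB: List[Entry] = [("permit", *host("10.166.115.10"), *ANY),
                        ("permit", *host("10.166.115.11"), *ANY)]
# ACL LOCALWEB from the accepted answer: server <-> 10.0.0.0/8 in both directions
LOCALWEB: List[Entry] = [("permit", *host(h), *TEN_8) for h in ("10.166.115.10", "10.166.115.11")] + \
                        [("permit", *TEN_8, *host(h)) for h in ("10.166.115.10", "10.166.115.11")]

# route-map ROUTE-LOCAWEB: deny 5 (match LOCALWEB), then permit 10 (match LOCAWEB, set next-hop)
# assumption: sequence 10 keeps its original "match ip address LOCAWEB"
ROUTE_LOCAWEB = [("deny", LOCALWEB, None), ("permit", LOCAWEB, "10.166.64.1")]

def broken_deny_hits(src: str, dst: str) -> bool:
    """Would 'deny ip host <src> 10.0.0.0 255.0.0.0' have matched this packet? Only for x.0.0.0 destinations."""
    return acl_permits([("permit", *host(src), *TEN_8_BROKEN)], src, dst)
```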