09-07-2009 10:39 AM - edited 03-04-2019 05:58 AM
Hi,
Need Urgent help on specific routing requirements
In Our Scenario Site_A is connected to Site_B via IPSEC GRE Tunnel running OSPF as routing protocol.
Site_A host all applications for Site_B.
We already have inplace another point-2-point link between Site_A to Site_B and
have specific requirement.
POS_Server only from Site_A should send traffic on this P-2-P link to Site_B.
Any traffic initiated from Site_B to POS_Server on Site_A should be via P-2-P link.
All other traffic should pass IPSEC-Gre_Tunnel.
Kindly Help.
Solved! Go to Solution.
09-07-2009 03:59 PM
You will place the 'ip policy' under Vlan 10 and it will only match on the server ip address, remaining traffic will remain as before.
__
Edison.
09-07-2009 11:02 AM
Hi,
I assumed default traffic is passing IPsec GRE tunnel
For the POS_Server you will need to have policy based routing.
Likewise , for the traffic initiated from site_B to POS_Server you will also need to have policy based routing.
HTH
Mohamed
09-07-2009 11:03 AM
If you need to send certain traffic one way based on the source IP address then you need to use PBR (Policy Based Routing). See this link for configuration details -
Jon
09-07-2009 11:07 AM
You will need Policy-Based Routing (PBR) on both routers as you will modify the routing based on the source.
On the router at Site_A
access-list 101 permit ip [server_ip] [site_b subnet]
route-map server_pbr
match address 101
set ip next-hop [p-2-p link]
interface fx/x
description LAN facing interface
ip policy route-map server_pbr
On the router at Site_B
access-list 101 permit ip [site_b subnet] [server_ip]
route-map server_pbr
match address 101
set ip next-hop [p-2-p link]
interface fx/x
description LAN facing interface
ip policy route-map server_pbr
HTH,
__
Edison.
09-07-2009 12:18 PM
Thanks to all for the input.
This is the way my backbone router is connected to POS_Server and VPN_Router.
I didnt get where should I apply the IP policy route-map command.
----------------------------------------
Vlan=192
BackBone_Router : 192.168.10.1/30
VPN_Router : 192.168.10.2/30
Interface gi3/12
Description connected to VPN_router
switchport access VLAN 192
-------------------------------------
Vlan=10
BackBone_Router : 10.10.10.254/24
POS_Server : 10.10.10.75/24
Interface 2/7
Description Connected to POS_Server
Switchport access vlan 10
--------------------------------------
On VLAN 10 there more server's which needs to be accessed from Site_B and the traffic needs to flow via IPSEC_GRE_Tunnel
Hopefully this config will not impact traffic for other server.
09-07-2009 03:59 PM
You will place the 'ip policy' under Vlan 10 and it will only match on the server ip address, remaining traffic will remain as before.
__
Edison.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide