10-24-2009 10:36 PM - edited 03-04-2019 06:29 AM
Hello
I have a 5 site WAN. The Head Office is supposed to receive all the http(s) traffic and route that to the internet.
I have tried to configure a route-map from one of the sites but am unsuccessful.
Attached is a diagram with my network layout as well as the config for the router with the route-map and the Head Office router config.
TIA
wvw
10-25-2009 03:47 AM
Hello Willem.
So are you trying to force all web traffic that enters f0/1 of site1 towards your head office? On your site1 configuration I can see you have policy routing configured but on your WAN interface so this will only affect traffic inbound from the head office.
From what I understand I think you need something like this?
interface FastEthernet0/1
 ip policy route-map WWW
!
access-list 140 permit tcp any host 192.168.1.254 eq www
!
route-map WWW permit 10
 match ip address 140
 set ip next-hop x.x.x.x
This configuration will forward all WWW traffic destined to 192.168.1.254 that arrives on f0/1 of site1 to the next hop x.x.x.x.
Is that what you are after?
Kind Regards,
Simon
10-26-2009 12:18 PM
Hello Simon
Thanks for your help! :)
"So are you trying to force all web traffic that enters f0/1 of site1 towards your head office?"
That is exactly what I am trying to do.
All port 80 traffic from Site1 needs to go to the Head Office router to hit 192.168.1.254.
From your example, I will configure the router and let you know how it works.
Thanks
willemvw
10-26-2009 06:43 PM
Hi Simon
I have changed the config on site 1's router to the following:
Int F0/1
 ip address 192.168.5.100 255.255.255.0
 ip policy route-map WWW
Running Config:
access-list 140 permit tcp any host 192.168.1.254 eq www
access-list 140 permit tcp any host 192.168.1.254 eq 443
queue-list 1 protocol ip 1 list 140
route-map WWW permit 10
 match ip address 140
 set ip next-hop 192.168.1.200
I have changed the config on Head Office's router to the following:
interface FastEthernet0/0
 ip policy route-map WWW
interface FastEthernet0/1
 ip policy route-map WWW
access-list 140 permit tcp any host 192.168.1.254 eq www
access-list 140 permit tcp any host 192.168.1.254 eq 443
route-map WWW permit 10
 match ip address 140
 set ip next-hop 192.168.1.254
This, according to the customer, is still not working in that he cannot browse.
I think this could be due to the route-map WWW being applied to only the LAN interface on the Site 1 router and also the next-hop IP addresses. Can you please confirm whether I should make the next-hop IP address 192.168.1.200 (Head Office LAN) or 192.168.1.254 (WWW Gateway server at Head Office)?
Regards
willemvw
10-27-2009 04:21 AM
Hi Willem.
I think you need to change your ACL 140. Currently the policy routing only captures HTTP and HTTPS traffic which is destined to 192.168.1.254.
I think you want ALL HTTP and HTTPS traffic to be SENT to 192.168.1.254, so I think you need to delete ACL 140 on both routers and create it as:
access-list 140 permit tcp any any eq www
access-list 140 permit tcp any any eq 443
Kind Regards,
Simon
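The difference between the two versions of ACL 140 discussed above, as an added example that is not part of the original thread: a small Python evaluator for the single ACL form used here, run over constructed flows (the client 192.168.5.10 and the Internet server 203.0.113.80 are assumptions). It also shows that the corrected ACL matches web traffic sourced from the gateway 192.168.1.254 itself, which is worth checking on any interface where that traffic enters with the route-map applied.

```python
import ipaddress

PORTS = {"www": 80}  # IOS keyword used in the thread; numeric ports pass through

def parse_addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("unsupported address spec: " + tok[0])

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp <src> <dst> eq <port>' only."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("unsupported entry: " + line)
    src, rest = parse_addr(tok[4:])
    dst, rest = parse_addr(rest)
    if rest[0] != "eq":
        raise ValueError("unsupported port match: " + line)
    return tok[2], src, dst, PORTS.get(rest[1]) or int(rest[1])

def policy_routed(acl_lines, src, dst, dport):
    """True if the flow hits a permit entry, so the route-map sets the next hop.
    No matching entry is the implicit deny: the packet is routed normally."""
    for line in acl_lines:
        action, s, d, port = parse_ace(line)
        if (ipaddress.ip_address(src) in s
                and ipaddress.ip_address(dst) in d and dport == port):
            return action == "permit"
    return False

ORIGINAL = ["access-list 140 permit tcp any host 192.168.1.254 eq www",
            "access-list 140 permit tcp any host 192.168.1.254 eq 443"]
CORRECTED = ["access-list 140 permit tcp any any eq www",
             "access-list 140 permit tcp any any eq 443"]

# Constructed sample flows: (source, destination, destination TCP port)
FLOWS = {
    "site1 client browsing the Internet": ("192.168.5.10", "203.0.113.80", 80),
    "site1 client addressing the gateway": ("192.168.5.10", "192.168.1.254", 443),
    "gateway's own outbound request": ("192.168.1.254", "203.0.113.80", 443),
    "site1 client sending mail": ("192.168.5.10", "203.0.113.80", 25),
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(f"{name:38} original={policy_routed(ORIGINAL, *flow)!s:5} "
              f"corrected={policy_routed(CORRECTED, *flow)}")
```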