policy based routing design and questions for default gateway

juan-ruiz
Level 1

1 Cisco 3560 switch with the enhanced image, running OSPF.

2 Cisco ASA 5510s, running OSPF.

I have a server vlan 10.0.5.0/24

I have a firewall vlan 192.168.20.0/24

The two firewalls connect to two different ISP.

Firewall for ISP 1 is 192.168.20.1

Firewall for ISP 2 is 192.168.20.2

The default gateway for the servers is 10.0.5.1 the vlan interface on the 3560

I have 5 servers that need to go to 192.168.20.2 and the remainder use the default route 192.168.20.1.

I believe I need to configure a policy route using route maps.

I'm looking for some direction in my approach and route map design.

I will create an access-list matching the 5 servers.

access-list 20 permit ip 10.0.5.45

access-list 20 permit ip 10.0.5.46

access-list 20 permit ip 10.0.5.47

access-list 20 permit ip 10.0.5.48

access-list 20 permit ip 10.0.5.49

Next I create a route-map for the policy.

route-map set-isp2-gateway permit 10

 match ip address 20

 set ip next-hop 192.168.20.2

Last but not least, I apply this to the VLAN interface on the Cisco 3560 switch for the server VLAN, 10.0.5.1.

interface vlan 5

 ip policy route-map set-isp2-gateway

exit

Can someone please let me know if I'm going in the right direction with this default gateway requirement?

As an FYI, both firewalls advertise the default gateway into the Cisco 3560 switch.

ISP2 has a higher metric.

What happens if the default route from ISP2 is not on the Cisco 3560 switch?

Will the policy map just default to use 192.168.20.1?

Thanks a bunch to everyone who helped.

Accepted Solution

Reza Sharifi
Hall of Fame

Juan,

Since you have "Set ip next hop" in your route map, if the next hop exists in the routing table, then the command policy routes the packet to the next hop.

If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.

Also, in your access list you need the host command:

access-list 20 permit host 10.0.5.45

Here is the link to the paper:

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

HTH

Reza
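As an added example (not part of the original thread, and not the poster's or Reza's configuration), here is the complete 3560-side configuration that the question sketches, with the standard-ACL syntax corrected the way the accepted answer describes, followed by the show commands for checking which next hop the five servers actually take. The VLAN number, the server addresses and the firewall addresses come from the post; the SDM template line, the SVI addressing and the verification commands are assumptions about a typical 3560 deployment.

```ios
! Added example configuration for the scenario in the thread.
! VLAN 5, 10.0.5.45-49 and 192.168.20.1/.2 are from the post; the rest is assumed.

! The 3560 only policy-routes with the routing SDM template (takes effect after a reload).
sdm prefer routing
ip routing

! Standard ACL listing the five servers that must egress via the ISP2 firewall.
! In a standard numbered list there is no protocol keyword; use "host" (wildcard 0.0.0.0).
access-list 20 permit host 10.0.5.45
access-list 20 permit host 10.0.5.46
access-list 20 permit host 10.0.5.47
access-list 20 permit host 10.0.5.48
access-list 20 permit host 10.0.5.49

! Route map: packets matching ACL 20 get 192.168.20.2 as next hop.
! Packets matching no sequence are not policy-routed and simply follow the
! routing table (default route via 192.168.20.1), so no catch-all sequence is needed.
route-map set-isp2-gateway permit 10
 match ip address 20
 set ip next-hop 192.168.20.2

! PBR is applied on the interface where the packets arrive: the server VLAN SVI.
! Servers in other VLANs are not affected by this policy.
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
 ip policy route-map set-isp2-gateway

! Verification (exec mode)
! Which interfaces carry which policy:
show ip policy
! Match/set clauses and the count of packets that have been policy-routed:
show route-map set-isp2-gateway
! Confirm the next hop is in the routing table (here via the connected 192.168.20.0/24):
show ip route 192.168.20.2
! Per-entry hit counters for the five servers:
show access-lists 20
```

Two points to check once this is in place. First, the fallback Reza describes is keyed on the next hop being in the routing table, not on ISP2's default route: 192.168.20.2 sits on a directly connected VLAN, so it stays in the table as long as that SVI is up, even if the ISP2 firewall stops advertising a default route. Second, that fallback is silent: if the next hop ever does disappear from the table, the five servers quietly leave through ISP1 instead, which matters if the ISP2 path was chosen for a reason such as a source address a remote party allow-lists. The `show route-map` packet counter is the quickest way to confirm the policy is actually being hit.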


Reza,

Thanks very much for the information.

Kind regards,

Juan
