11-07-2009 03:02 PM - edited 03-06-2019 08:29 AM
1 Cisco 3560 switch with enhanced image running OSPF:
2 Cisco ASA 5510 running OSPF:
I have a server vlan 10.0.5.0/24
I have a firewall vlan 192.168.20.0/24
The two firewalls connect to two different ISP.
Firewall for ISP 1 is 192.168.20.1
Firewall for ISP 2 is 192.168.20.2
The default gateway for the servers is 10.0.5.1, the vlan interface on the 3560.
I have 5 servers that need to go to 192.168.20.2 and the remainder use the default route 192.168.20.1.
I believe I need to configure a policy route using route maps.
I'm looking for some direction in my approach and route map design.
I will create an access-list matching the 5 servers.
Access-list 20 permit ip 10.0.5.45
Access-list 20 permit ip 10.0.5.46
Access-list 20 permit ip 10.0.5.47
Access-list 20 permit ip 10.0.5.48
Access-list 20 permit ip 10.0.5.49
Next I create a route-map for the policy
Route-map set-isp2-gateway permit 10
Match ip address 20
Set ip next hop 192.168.20.2
Last but not least I apply this to the VLAN interface on the Cisco 3560 Switch for the server vlan 10.0.5.1.
Interface vlan 5
Ip policy route-map set-isp2-gateway
exit
Can someone please let me know if I'm on the right direction with this default gateway requirement?
As an FYI both the firewalls advertise the default gateway into the Cisco 3560 switch.
ISP2 has a higher metric.
What happens if the default route from ISP2 is not on the Cisco 3560 switch?
Will the policy map just default to use 192.168.20.1?
Thanks a bunch to everyone who helped.
11-07-2009 04:38 PM
Juan,
Since you have "Set ip next hop" in your route map, if the next hop exists in the routing table, then the command policy routes the packet to the next hop.
If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.
Also, in your access list you need the host command:
access-list 20 permit host 10.0.5.45
Here is the link to the paper:
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
HTH
Reza
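To see the rule in the answer applied to the addresses in this thread, here is a small simulation of the 3560's policy-routing decision. It is an added example, not configuration or code from Cisco or from the thread; the routing table, the metrics and the test destinations are constructed, and reachability is modelled exactly as the answer states it (the next hop counts as usable when any routing-table entry covers it).

```python
import ipaddress

# Constructed routing table modelled on the thread: two OSPF-learned defaults
# (ISP1 preferred, ISP2 with the higher metric) plus the two connected VLANs.
RIB_BOTH_ISPS = [
    ("0.0.0.0/0", "192.168.20.1", 10),     # default via ISP1 firewall
    ("0.0.0.0/0", "192.168.20.2", 20),     # default via ISP2 firewall
    ("10.0.5.0/24", "connected", 0),       # server VLAN (SVI 10.0.5.1)
    ("192.168.20.0/24", "connected", 0),   # firewall VLAN
]
# access-list 20 permit host 10.0.5.45 ... 10.0.5.49 (the corrected form)
ACL_20 = {ipaddress.ip_address(f"10.0.5.{n}") for n in range(45, 50)}
# route-map set-isp2-gateway permit 10 / match ip address 20 / set ip next-hop 192.168.20.2
ROUTE_MAP = [("permit", ACL_20, "192.168.20.2")]


def rib_lookup(rib, address):
    """Longest-prefix match, lowest metric on ties; returns the next hop or None."""
    address = ipaddress.ip_address(address)
    best = None
    for prefix, next_hop, metric in rib:
        net = ipaddress.ip_network(prefix)
        if address in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, next_hop)
    return best[1] if best else None


def forward(rib, src, dst):
    """Next hop chosen for a packet arriving on the policy-routed server SVI."""
    for action, acl, next_hop in ROUTE_MAP:
        if action == "permit" and ipaddress.ip_address(src) in acl:
            # As the answer states: set ip next-hop is honoured only when the
            # next hop itself is covered by a routing-table entry.
            if rib_lookup(rib, next_hop) is not None:
                return next_hop
            break  # otherwise fall through to normal destination routing
    return rib_lookup(rib, dst)


def without(rib, prefix, next_hop=None):
    """Copy of the RIB with one entry withdrawn (e.g. an OSPF default lost)."""
    return [e for e in rib if not (e[0] == prefix and next_hop in (None, e[1]))]
```

Withdrawing ISP2's default alone changes nothing for the five servers, because 192.168.20.2 is still covered by the connected firewall VLAN route, so the switch keeps handing their traffic to a firewall that may no longer have a path out; only the loss of the firewall VLAN route itself makes the policy fall through to normal routing. On IOS, `set ip next-hop verify-availability` with object tracking is the mechanism for tying the policy to actual next-hop health rather than to a routing-table entry.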
11-08-2009 07:27 AM
Reza,
Thanks very much for the information.
Kind regards,
Juan