policy based routing in 6509

Hello all,

Let me tell the scenario first.

1. 6509 is the core switch for our organisation.

2. There are several VLANs created, and the internet traffic for the VLANs goes to the internet via a proxy server. The proxy server has a connection to the internet.

3. So we don't have a default gateway in the core switch.

4. We connected a new device called Fortinet for testing, which has an internet connection.

5. We created a new VLAN for testing and tried to forward only the internet traffic to the device through PBR, and I was successful, but HTTP service to internal servers was not working. Below is the access list and PBR I created.


interface Vlan10
description fortinet
ip address 172.35.0.1 255.255.0.0
ip policy route-map fortinet
end

access-list 101 permit tcp any any eq www

route-map fortinet permit 20
match ip address 101
set ip next-hop 172.35.0.2

the internal ip address for the fortinet device is 172.35.0.2

Through the above PBR I am able to go to the internet, access internal servers through HTTPS, and connect RDP to any server, but I am not able to perform HTTP access to internal servers. So I am trying to create more access lists, but as of now I am not able to find any solution, so I need help on this. If anyone has any suggestions, please reply to this.

thanks in advance

karthik

4 Replies

Jon Marshall
Hall of Fame

karthikgopi wrote:
interface Vlan10
description fortinet
ip address 172.35.0.1 255.255.0.0
ip policy route-map fortinet
end

access-list 101 permit tcp any any eq www

route-map fortinet permit 20
match ip address 101
set ip next-hop 172.35.0.2

the internal ip address for the fortinet device is 172.35.0.2

through the above PBR i am able to go to the internet, access internal servers through https, connect RDP any server, but not able to perform http access to internal servers. so i am trying to create more access lists but as of now i am not able to find any solution so need help on this..if any one have any suggestions please reply to this

thanks in advance

karthik

Karthik

Could you clarify your setup?

You have a device on vlan 10 which has its own internet connection, i.e. the fortinet?

You are then trying to send traffic to this fortinet? If so, applying the route-map to vlan 10 won't work. You need to apply it to the vlan that the clients are coming in from.

Perhaps you could explain a bit more.

Jon

Hi jon

Thanks for replying. The clients as well as the fortinet are both in the same network, I mean the same vlan 10.

Thanks

Karthik

Karthik

Then you can't use PBR because the clients will never go to the L3 vlan 10 interface to get to the fortinet. You need the clients in a different vlan and you need to apply your route-map to the client L3 vlan interface.

Jon

Hi, I resolved the issue by adding a deny ACL:

access-list 101 deny ip host 172.16.X.X

access-list 101 permit tcp any any eq www
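The two points made in this thread, that a PBR route-map only sees traffic that is actually routed through the SVI it is applied to, and that an extended ACL is evaluated first-match so a deny for internal destinations has to sit above `permit tcp any any eq www`, can be checked offline with a small simulation. The following is an added example written for this page, not configuration from the thread or from Cisco; it models a subset of IOS extended-ACL syntax in Python and runs the thread's original ACL and a fixed version against constructed sample flows. Assumed values: the clients are on their own VLAN SVI at 10.20.0.1/16 (as Jon recommends), the internal servers live in 172.16.0.0/16 (the thread's deny line elides the address as 172.16.X.X, so the whole range is used here as an assumption), and 172.35.0.2 is the Fortinet next hop from the thread.

```python
"""Simulate how an IOS-style extended ACL drives policy-based routing (PBR)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Value from the thread: the PBR next hop is the Fortinet's inside address.
FORTINET_NEXT_HOP = "172.35.0.2"
# Assumption: the clients sit on their own VLAN SVI, addressed 10.20.0.1/16.
CLIENT_SVI = "10.20.0.1/16"

# The ACL as originally posted: it matches *all* HTTP, internal servers included.
ORIGINAL_ACL = """
access-list 101 permit tcp any any eq www
"""

# Constructed version of the fix. The thread's deny line has its address elided
# (172.16.X.X); here the whole 172.16.0.0/16 internal range is exempted, as an
# assumption, and the deny is placed *before* the permit because IOS ACLs are
# evaluated top-down, first match wins.
FIXED_ACL = """
access-list 101 deny ip any 172.16.0.0 0.0.255.255
access-list 101 permit tcp any any eq www
"""

PORT_NAMES = {"www": 80, "https": 443}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    proto: str   # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None when the entry has no "eq <port>" clause


def _parse_addr(tokens: List[str], i: int):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # An IOS wildcard is the bitwise inverse of a subnet mask (contiguous masks only here).
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[i + 1]))
    net = ipaddress.IPv4Network((tokens[i], str(ipaddress.IPv4Address(mask))), strict=False)
    return net, i + 2


def parse_acl(text: str) -> List[AclEntry]:
    """Parse the subset 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i + 1 < len(t) and t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
        entries.append(AclEntry(action, proto, src, dst, dport))
    return entries


def acl_permits(entries: List[AclEntry], flow: Flow) -> bool:
    """First matching entry wins; no match means the implicit deny at the end."""
    s, d = ipaddress.IPv4Address(flow.src), ipaddress.IPv4Address(flow.dst)
    for e in entries:
        if e.proto not in ("ip", flow.proto):
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != flow.dport:
            continue
        return e.action == "permit"
    return False


def decide(flow: Flow, acl_text: str, svi: str = CLIENT_SVI) -> str:
    """Where a packet entering the client SVI goes with 'ip policy route-map' applied."""
    subnet = ipaddress.ip_network(svi, strict=False)
    # A destination inside the SVI's own subnet is bridged at layer 2 and never
    # reaches the SVI, so the route-map is never consulted for it.
    if ipaddress.IPv4Address(flow.dst) in subnet:
        return "L2 switched, PBR not consulted"
    if acl_permits(parse_acl(acl_text), flow):
        return FORTINET_NEXT_HOP
    return "normal routing table"


if __name__ == "__main__":
    flows = [  # constructed sample traffic from a client at 10.20.0.50
        ("HTTP to internal server", Flow("10.20.0.50", "172.16.10.5", "tcp", 80)),
        ("HTTPS to internal server", Flow("10.20.0.50", "172.16.10.5", "tcp", 443)),
        ("HTTP to the internet", Flow("10.20.0.50", "203.0.113.10", "tcp", 80)),
        ("HTTP to a host in the same VLAN", Flow("10.20.0.50", "10.20.0.7", "tcp", 80)),
    ]
    for name, f in flows:
        print(f"{name:32s} original -> {decide(f, ORIGINAL_ACL):30s} fixed -> {decide(f, FIXED_ACL)}")
```

Running it shows the symptom Karthik described: with the original ACL, HTTP to an internal server is policy-routed to 172.35.0.2 while HTTPS to the same server follows the routing table, which is why HTTPS and RDP worked and HTTP did not. With the deny entry placed above the permit, internal HTTP falls through to normal routing and only internet-bound HTTP still goes to the Fortinet. The same-VLAN case never reaches the route-map at all, which is the layer-2/layer-3 distinction behind Jon's advice to put the clients on a separate VLAN from the device they are being steered to.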