Re: Reroute data to another device on the LAN

restorxcisco · ‎10-20-2006

I have two devices on my LAN:

1..Cisco ASA5510 firewall

2..Cisco 871 VPN router

The 5510 is for internet access and the 871 is for the VPNs between the satellite offices and the local head office.

My problem is that the 5510 (192.64.10.212) is the default gateway on my LAN. The 871 (192.64.10.213) is the gateway to the satellite offices (say 192.168.2.xxx).

When I try to ping 192.168.2.180 in my satellite office, I think the data is going to the 5510 and stopping there.

How do I configure the 5510 (192.64.10.212) to route all data for the satellite office (192.168.2.xxx) back thru the 871 (192.64.10.213)?

Both 5510 & 871 are on the same network.

Adam Frederick · ‎10-21-2006

Configure PBR (Policy Based Routing) on the device prior to hitting your ASA or 871 (i.e. L3 Switch or Router). Hopefully it is cisco, if it is below is an example.

!

access-list 1 permit 192.168.2.0 any

access-list 2 permit any

!

route-map satellite permit 10

match ip address 1 <- matches ACL 1

set ip next-hop 192.64.10.213

!

route-map satellite permit 20

match ip address 2 <- matches ACL 2

set ip next-hop 192.64.10.212

!

interface FastEthernet0/0

ip add 192.64.10.211 255.255.255.0

ip policy route-map satellite

!

This will send all traffic destined to 192.168.2.x to the 871 and all remaining traffic to the ASA. Again this will require a cisco L3 switch or router, if you are using another vendor you'll need to check their config setup for PBR.

HTH

restorxcisco · ‎10-21-2006

I'm using the ASDM GUI- how do I set this up in the GUI? Thanks.

restorxcisco · ‎10-22-2006

I just spoke to a Cisco person and they tell me that you can not route data which comes in on the LAN port back out the LAN port to another router.

So what's my next option?