Gerald King
Beginner

Routes determined by destination address

I have a client who has MPLS connecting all spoke sites back to the HUB or NOC. Obviously, we have 1 default route currently. The MPLS is currently running on 1.5M T1. Customer refuses to increase capacity and bring in Metro-E/Fiber. They brought in copper/cable ISP instead. Now, customer wants us to set up a site-to-site VPN between the ASA at the NOC and the router at the spoke site. Problem is, they want all the VDI traffic to ride the T1 MPLS, but they want all imaging (specific destination IP) traffic to ride the site-to-site VPN.

How can I make this happen? ATT MPLS is the current active MPLS connection.  Earthlink was replaced by ATT. 

How can I accomplish sending specific traffic destined for a specific IP address across the VPN tunnel, but all other traffic ride the MPLS?

 

Current setup on the spoke router is:

*******************************************************************START CODE********************************************************************

!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ***MPLS to Earthlink***
 shutdown
 ip address 10.10.11.2 255.255.255.252
 ip nbar protocol-discovery ipv4
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ATT_MPLS
 ip address 10.100.11.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet1/0
 ip address 192.168.11.1 255.255.255.0
 ip helper-address 192.168.1.11
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
 ip virtual-reassembly in
!
interface GigabitEthernet1/1
 description Internal switch interface connected to EtherSwitch Service Module
 no ip address
!
interface Cellular0/0/0
 no ip address
 encapsulation slip
 dialer in-band
 dialer string lte
!
interface Vlan1
 no ip address
!
router bgp 65311
 bgp log-neighbor-changes
 network 192.168.11.0
 redistribute connected
 neighbor 10.10.11.1 remote-as 65311
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source GigabitEthernet1/0
ip flow-export version 9
ip flow-export destination 192.168.1.20 2055
!
ip route 0.0.0.0 0.0.0.0 10.100.11.1
ip route 0.0.0.0 0.0.0.0 10.10.11.1 250
ip route 192.168.1.0 255.255.255.0 10.100.11.1
!

*******************************************************************END CODE********************************************************************

On the NOC side, I have:

 

MPLS router >> CORE

Internet router >> DMZ SWITCH >> CORE & ASA

 

 

Thanks in advance for your help. 

 

1 REPLY
Jon Marshall
VIP Community Legend

To get the imaging traffic to go via the VPN for the specific destination IP addresses is easy: just add a route for it on the core.

The problem is the return traffic and you will have to use PBR to achieve that because you need to route traffic based on source IP address.

You cannot do that with a routing protocol.

If I have misunderstood please clarify.

Jon
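
The source-based routing described in the reply, sketched as an added example (not configuration posted by anyone in this thread). It assumes the imaging host sits on the spoke LAN behind GigabitEthernet1/0, that the site-to-site VPN is already built on the ISP-facing side and its crypto ACL covers this traffic, and that the host address, next hop and object names below are constructed placeholders.

```cisco
! Added example. Constructed / assumed values:
!   192.168.11.50   imaging host on the spoke LAN (constructed address)
!   203.0.113.1     next hop on the ISP/VPN-facing side (placeholder)
!   IMAGING-SRC, IMAGING-VIA-VPN   hypothetical object names
!
! Match only traffic sourced from the imaging host toward the NOC subnet.
ip access-list extended IMAGING-SRC
 permit ip host 192.168.11.50 192.168.1.0 0.0.0.255
!
! Policy: matched packets are forwarded to the VPN-side next hop
! instead of following the destination-based route over MPLS.
route-map IMAGING-VIA-VPN permit 10
 match ip address IMAGING-SRC
 set ip next-hop 203.0.113.1
!
! PBR is evaluated on packets arriving on the interface it is applied to,
! so it goes on the LAN interface facing the imaging host.
! Packets that match no route-map entry (the VDI traffic) are not
! policy routed and keep using the routing table, i.e. the MPLS path.
interface GigabitEthernet1/0
 ip policy route-map IMAGING-VIA-VPN
!
! Verification:
!   show ip policy
!   show route-map IMAGING-VIA-VPN   (policy routing match counters)
```

If the imaging host is at the NOC instead, the same pattern applies on the device where its return traffic enters the core, with the ACL source and next hop adjusted accordingly.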