06-12-2007 07:57 AM - edited 03-05-2019 04:39 PM
Hi,
I am tasked with changing the routing for the server in the attached diagram. It is a Citrix Secure Gateway.
The switch in the diagram, 192.168.100.23/21, is the gateway for that network and currently routes default traffic to the firewall 192.168.100.252.
What I want to achieve is that externally bound traffic from the server gets routed to 192.168.100.240.
Can anyone suggest a way of doing this?
Regards
J mack
06-12-2007 09:19 AM
What kind of switch is the gateway?
If the platform supports it, you can implement PBR to route traffic originated from the server to 192.168.100.240.
route-map test permit 10
match ip address 100
set ip next-hop 192.168.100.240
access-list 100 deny ip host 192.168.100.55
access-list 100 permit ip host 192.168.100.55 any
int vlan 1
ip policy route-map test
HTH, rate if it does
Narayan
06-13-2007 02:01 AM
Hi Narayan,
It's a Cat 3750 on 12.2, so it looks like I should be able to achieve this.
I still want the internal networks to be able to access this, so do I need to amend the access list?
Will implementing PBR affect other routes I have running?
1.0.0.0/24 is subnetted, 1 subnets
S 1.0.84.0 [1/0] via 192.168.100.240
C 192.168.210.0/24 is directly connected, Vlan2
194.130.108.0/32 is subnetted, 1 subnets
S 194.130.108.102 [1/0] via 192.168.100.240
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.4.62/32 [1/0] via 192.168.100.38
S 172.16.4.0/22 [1/0] via 192.168.100.240
C 192.168.11.0/24 is directly connected, Vlan20
S 192.168.250.0/24 [1/0] via 192.168.100.240
195.188.18.0/32 is subnetted, 2 subnets
S 195.188.18.110 [1/0] via 192.168.100.240
S 195.188.18.99 [1/0] via 192.168.100.240
C 192.168.220.0/24 is directly connected, Vlan3
C 192.168.1.0/24 is directly connected, Vlan10
S 192.168.32.0/24 [1/0] via 192.168.100.240
S* 0.0.0.0/0 [1/0] via 192.168.100.252
C 192.168.96.0/21 is directly connected, Vlan1
Or the connectivity of hosts in VLAN 1?
Regards
J Mack
06-13-2007 02:33 AM
Yes, you need to deny the internal subnets so that they are not directed towards the PBR.
Make sure you configure the proper SDM template as well to support PBR.
HTH, rate if it does
Narayan
06-13-2007 03:53 AM
Ok thanks.
However, the server is a secure gateway that needs to talk to the Citrix server 192.168.100.17. Is that still feasible whilst denying the rest of the subnet?
Also, with regard to the SDM template, do you know of any good articles where I could get some more info on this?
Regards
J Mack
06-13-2007 04:30 AM
Further to that, would changing the access-list to something like this
access-list 100 permit ip host 192.168.100.55 host 192.168.100.17
access-list 100 permit ip host 192.168.100.17 host 192.168.100.55
access-list 100 deny ip host 192.168.100.55
access-list 100 permit ip host 192.168.100.55 any
enable the communication I need between those two servers?
06-14-2007 01:00 AM
Hi,
Just wondered if anyone could let me know if the above access-list would work, and what I should implement as an SDM template.
Regards
J Mack
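A way to check the two access-lists under discussion, as an added example that is not part of the thread: the addresses, the routing table and the route-map next hop are taken from the posts above, while ACL_PROPOSED is an assumed correction that nobody in the thread posted and 203.0.113.10 is a constructed external address. The simulation makes two things visible. First, in IOS policy routing the ACL is a selector: packets matching a permit entry get the set next-hop, packets matching a deny entry (or nothing) follow the routing table, so the permit lines for 192.168.100.55 to 192.168.100.17 in the ACL above would not exempt that traffic from PBR. Second, both servers sit in 192.168.96.0/21, so traffic between them is switched at layer 2 on VLAN 1 and never reaches the SVI where the policy is applied. The entry without a destination is left out because an extended ACL line needs one and would not be accepted.

```python
# Added example, not from the thread: simulate how "ip policy route-map" on
# VLAN 1 of the Cat 3750 would treat flows from the secure gateway
# (192.168.100.55). Routing table and addresses are the thread's; ACL_PROPOSED
# is an assumed correction, and 203.0.113.10 is a constructed external host.
import ipaddress
from dataclasses import dataclass

PBR_NEXT_HOP = "192.168.100.240"      # "set ip next-hop" target from the thread
VLAN1_NET = ipaddress.ip_network("192.168.96.0/21")
GW = "192.168.100.55"                 # the Citrix Secure Gateway


@dataclass(frozen=True)
class Ace:
    """One line of an IOS extended ACL; src/dst are 'host A.B.C.D', 'A.B.C.D W.W.W.W' or 'any'."""
    action: str
    src: str
    dst: str


def _matches(spec: str, ip: str) -> bool:
    """IOS wildcard-mask semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(spec[5:]) == ipaddress.ip_address(ip)
    net, wild = spec.split()
    care = ~int(ipaddress.ip_address(wild))
    return (int(ipaddress.ip_address(net)) & care) == (int(ipaddress.ip_address(ip)) & care)


def acl_action(acl, src: str, dst: str) -> str:
    """First-match evaluation with the implicit deny at the end of every ACL."""
    for ace in acl:
        if _matches(ace.src, src) and _matches(ace.dst, dst):
            return ace.action
    return "deny"


# Routing table as posted in the thread (connected, static and default routes).
ROUTES = [
    ("1.0.84.0/24", "192.168.100.240"), ("192.168.210.0/24", "connected Vlan2"),
    ("194.130.108.102/32", "192.168.100.240"), ("172.16.4.62/32", "192.168.100.38"),
    ("172.16.4.0/22", "192.168.100.240"), ("192.168.11.0/24", "connected Vlan20"),
    ("192.168.250.0/24", "192.168.100.240"), ("195.188.18.110/32", "192.168.100.240"),
    ("195.188.18.99/32", "192.168.100.240"), ("192.168.220.0/24", "connected Vlan3"),
    ("192.168.1.0/24", "connected Vlan10"), ("192.168.32.0/24", "192.168.100.240"),
    ("0.0.0.0/0", "192.168.100.252"), ("192.168.96.0/21", "connected Vlan1"),
]


def normal_next_hop(dst: str) -> str:
    """Longest-prefix match over ROUTES, i.e. the path taken without PBR."""
    addr = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES]
    _, nh = max((r for r in table if addr in r[0]), key=lambda r: r[0].prefixlen)
    return nh


def pbr_next_hop(acl, src: str, dst: str) -> str:
    """Where a packet from src to dst leaves the switch with the route-map on VLAN 1."""
    if ipaddress.ip_address(src) in VLAN1_NET and ipaddress.ip_address(dst) in VLAN1_NET:
        return "L2 switched"         # same subnet: never reaches the SVI, PBR cannot see it
    if acl_action(acl, src, dst) == "permit":
        return PBR_NEXT_HOP          # route-map matched -> set ip next-hop applies
    return normal_next_hop(dst)      # deny / no match -> ordinary routing


# ACL as proposed in the thread, minus the line that has no destination.
# Every remaining entry is a permit, so all of it would be policy-routed.
ACL_THREAD = [
    Ace("permit", f"host {GW}", "host 192.168.100.17"),
    Ace("permit", "host 192.168.100.17", f"host {GW}"),
    Ace("permit", f"host {GW}", "any"),
]

# Assumed corrected ACL: deny (= route normally) the internal prefixes that
# live behind the switch, then permit (= send to .240) everything else.
ACL_PROPOSED = [
    Ace("deny", f"host {GW}", "192.168.96.0 0.0.7.255"),
    Ace("deny", f"host {GW}", "192.168.210.0 0.0.0.255"),
    Ace("deny", f"host {GW}", "192.168.220.0 0.0.0.255"),
    Ace("deny", f"host {GW}", "192.168.1.0 0.0.0.255"),
    Ace("deny", f"host {GW}", "192.168.11.0 0.0.0.255"),
    Ace("deny", f"host {GW}", "172.16.4.0 0.0.3.255"),
    Ace("permit", f"host {GW}", "any"),
]

if __name__ == "__main__":
    for dst in ("203.0.113.10", "192.168.210.5", "192.168.100.17"):
        print(f"{GW} -> {dst}: thread ACL -> {pbr_next_hop(ACL_THREAD, GW, dst)}, "
              f"proposed ACL -> {pbr_next_hop(ACL_PROPOSED, GW, dst)}")
```

Running it shows the difference on a host in VLAN 2 such as 192.168.210.5: with the thread's ACL the packet is handed to 192.168.100.240, with the deny-first ACL it stays on the directly connected route. The 172.16.4.0/22 deny is there so the more specific 172.16.4.62/32 route via 192.168.100.38 keeps winning rather than being overridden by the policy.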