Cisco policy based routing question

    rtr1129
    Member
    #143576

    In every example I have seen online, to implement policy based routing, a route-map is created, and then it is applied to an interface. Here is an example:

    http://petri.com/how-to-use-cisco-ios-policy-based-routing-features.htm

    I have a Cisco 1700 that is configured with two ISPs. The intention is for all web traffic (TCP ports 80/443) to go to ISP B, and all other traffic to go through ISP A. However, instead of applying the route-map to the interfaces, the route-map has been “applied” to a NAT statement.

    I have not been able to find any documentation on what tagging a route-map to an ip nat line is supposed to do. Can anyone explain how this is working? It is working as expected, but my gut feeling is that there is a cleaner way to configure this.

    Should this be reconfigured by applying the route-map to the interface?

    Does the traffic (80/443) need to be permitted in 111 AND denied in 112? Or is that redundant?

    192.168.10.2 is a Cisco ASA, and the entire inside network is behind that. So it’s been set up in a double-NAT configuration.

    Code:
    interface Ethernet0
    description ISPA Connection
    ip address 1.2.3.226 255.255.255.224
    ip nat outside
    half-duplex
    !
    interface Ethernet1
    description ISPB Connection
    ip address 4.5.6.42 255.255.255.248
    ip nat outside
    full-duplex
    !
    interface FastEthernet0
    ip address 192.168.10.1 255.255.255.0
    ip nat inside
    speed auto
    !

    ip nat inside source static 192.168.10.2 1.2.3.226 route-map isp_a
    ip nat inside source static 192.168.10.2 4.5.6.42 route-map isp_b

    ip route 0.0.0.0 0.0.0.0 1.2.3.225
    ip route 0.0.0.0 0.0.0.0 4.5.6.41 200

    access-list 111 remark ACL sending specified traffic to ISP B
    access-list 111 permit tcp any any eq www
    access-list 111 permit tcp any any eq 443
    access-list 111 deny ip any any
    access-list 112 remark ACL sending all other traffic to ISP A
    access-list 112 deny tcp any any eq www
    access-list 112 deny tcp any any eq 443
    access-list 112 permit ip any any

    route-map isp_b permit 10
    match ip address 111
    set ip next-hop 4.5.6.41
    !
    route-map isp_a permit 10
    match ip address 112
    set ip next-hop 1.2.3.225
    !
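
Added example (not part of the original post, and not Cisco code): a small Python model of first-match extended-ACL evaluation, run over ACLs 111 and 112 exactly as posted, to show which route-map's match clause each flow satisfies. It models only the ACL match step, not what IOS NAT does with the result; the ROUTE_MAPS table, the function names and the sample flows are constructed for illustration.

```python
# Added example: first-match evaluation of the numbered extended ACLs from the post.
PORTS = {"www": 80}  # IOS keyword used in the post; other ports are numeric

CONFIG = """\
access-list 111 remark ACL sending specified traffic to ISP B
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 443
access-list 111 deny ip any any
access-list 112 remark ACL sending all other traffic to ISP A
access-list 112 deny tcp any any eq www
access-list 112 deny tcp any any eq 443
access-list 112 permit ip any any
"""
ROUTE_MAPS = {"isp_b": "111", "isp_a": "112"}  # route-map -> ACL in its match clause


def parse_acls(text):
    """Return {acl_number: [(action, protocol, port_or_None), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        # Only the 'any any [eq port]' form used in the post is handled.
        port = None
        if "eq" in tok:
            p = tok[tok.index("eq") + 1]
            port = PORTS.get(p) or int(p)
        acls.setdefault(tok[1], []).append((tok[2], tok[3], port))
    return acls


def acl_permits(entries, proto, dport):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, acl_proto, port in entries:
        if acl_proto in ("ip", proto) and port in (None, dport):
            return action == "permit"
    return False


def matching_route_maps(acls, proto, dport):
    """Names of the route-maps whose ACL permits this flow (constructed helper)."""
    return sorted(n for n, a in ROUTE_MAPS.items() if acl_permits(acls[a], proto, dport))


if __name__ == "__main__":
    acls = parse_acls(CONFIG)
    for proto, dport in [("tcp", 80), ("tcp", 443), ("tcp", 25), ("udp", 53)]:
        print(proto, dport, matching_route_maps(acls, proto, dport))
```

With the ACLs as posted, every sample flow satisfies exactly one route-map. Removing the two deny lines from ACL 112 makes TCP 80/443 satisfy both match clauses, while removing the explicit `deny ip any any` from ACL 111 changes nothing because of the implicit deny at the end of every ACL.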
