Solved

Cisco Routing Rules

Posted on 2014-03-26
Last Modified: 2014-04-07
Hi -

I am trying to route all my http/https traffic to a different router (internet connection).

I created an access list:

Extended IP access list 102
    10 deny tcp any 0.0.0.0 255.255.255.0 eq www
    20 deny tcp any 0.0.0.0 255.255.255.0 eq 443
    30 permit tcp any any eq www
    40 permit tcp any any eq 443

Then a: route-map, matched to the access-list and set next hop.

Everything seems to work well and the http traffic is going out the proper way.

The only issue I have is that we have internal intranet sites that are in a different office.
I am not able to get to the sites.
Think it is just an access-list issue.
The intranet site is located on network 10.0.50.0 and I am on 10.0.20.0

Any help would be appreciated
Question by:doctor069
8 Comments
 

Author Comment

by:doctor069
ID: 39957951
Basically, I think I just need to add an exception on the access list so the http traffic for 10.0.50.0 passes through
 
LVL 26

Expert Comment

by:Soulja
ID: 39959007
Yeah, just add

to the acl where http and ssl is destined for 10.0.50.0 0.0.0.255

I don't understand your two first lines.
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39959216
Your access list is weird. I would delete the first two lines and add this line which will prevent internal traffic from getting redirected.

10 deny tcp any 10.0.0.0 255.0.0.0

Author Comment

by:doctor069
ID: 39962464
Hi, my access list looks like this now:

access-list 102 deny tcp any 10.0.0.0 255.0.0.0
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443

But I still can't hit internal http traffic on a different subnet
 

Author Comment

by:doctor069
ID: 39962575
Tried this but no luck... am I getting close?

Testing with 10.0.10.17...

access-list 101 permit tcp 10.0.10.17 255.255.255.255 10.0.50.0 255.255.255.0 eq 80
access-list 102 permit tcp 10.0.10.17 255.255.255.255 any eq 80

route-map WebRoute permit 10
 match ip address 101
 set ip next-hop 10.0.20.3

route-map WebRoute permit 20
 match ip address 102
 set ip next-hop 172.16.10.2

ip policy route-map WebRoute
 

Accepted Solution

by:
doctor069 earned 0 total points
ID: 39962855
Got it, but... I said in the access list only computers between 10.0.10.100 and 10.0.10.255 should use this routing policy, but all computers are using it, e.g. 10.0.10.60 is routing through here as well.

access-list 101 permit tcp 10.0.10.100 0.0.0.255 10.0.50.0 0.0.0.255 eq 80
access-list 102 permit tcp 10.0.10.100 0.0.0.255 any eq 80

route-map WebRoute permit 10
 match ip address 101
 set ip next-hop 10.0.20.3

route-map WebRoute permit 20
 match ip address 102
 set ip next-hop 172.16.10.2
 

Author Closing Comment

by:doctor069
ID: 39982569
Was able to solve the issue
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39982656
Your access lists in your last post are not what they appear to be.  10.0.10.100 mask 0.0.0.255 really is 10.0.10.X, where X is from 0 to 255. To get 10.0.10.100-255 takes many statements because of the way masking works with binary numbers. If you can adjust your range to 10.0.10.128-255, that is easily accomplished via 10.0.10.128 0.0.0.128
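
Added example, not written by any participant in the thread: a Python check of how IOS evaluates the address/wildcard pairs quoted above (a 1 bit in the wildcard is ignored, a 0 bit must match), plus the CIDR-aligned entries that cover 10.0.10.100-255. The function names and the sample host 10.0.50.10 are constructed for illustration.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS ACL test: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def matched_last_octets(base, wildcard, prefix="10.0.10."):
    """Last octets of prefix.0-255 that the base/wildcard pair selects."""
    return [h for h in range(256)
            if wildcard_match(f"{prefix}{h}", base, wildcard)]


def entries_for_range(first, last):
    """Cover an inclusive range with CIDR-aligned base/wildcard pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


if __name__ == "__main__":
    host = "10.0.50.10"  # constructed sample intranet host
    # A subnet mask in the wildcard slot pins the last three octets to 0.0.0.
    print(wildcard_match(host, "10.0.0.0", "255.0.0.0"))
    # The inverted mask is what selects all of 10.0.0.0/8.
    print(wildcard_match(host, "10.0.0.0", "0.255.255.255"))

    # 0.0.0.255 ignores the whole last octet, so .60 is selected too.
    print(60 in matched_last_octets("10.0.10.100", "0.0.0.255"))
    # 0.0.0.127 frees the low seven bits: hosts .128 through .255.
    print(matched_last_octets("10.0.10.128", "0.0.0.127")[:3])
    # 0.0.0.128 frees only the top bit of the last octet.
    print(matched_last_octets("10.0.10.128", "0.0.0.128"))

    # Entries needed for 10.0.10.100-255 when the range cannot be moved.
    for base, wc in entries_for_range("10.0.10.100", "10.0.10.255"):
        print(f"access-list 102 permit tcp {base} {wc} any eq 80")
```

Running the same check against `show access-lists` output before binding a route-map shows which sources and destinations an entry really selects.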