Solved

Cisco Routing Rules

Posted on 2014-03-26
8
389 Views
Last Modified: 2014-04-07
Hi -

I am trying to route all my http/https traffic to a different router(internet connection).

I created an access list:

Extended IP access list 102
    10 deny tcp any 0.0.0.0 255.255.255.0 eq www
    20 deny tcp any 0.0.0.0 255.255.255.0 eq 443
    30 permit tcp any any eq www
    40 permit tcp any any eq 443

Then a: route-map, matched to the access-list and set next hop.

Everything seems to work well and the http traffic is going out the proper way.

The only issue I have is that we have internal intranet sites that are in a different office.
I am not able to get to the sites.
Think it is just an access-list issue.
The intranet site is located on network 10.0.50.0 and I am on 10.0.20.0

Any help would be appreciated
0
Comment
Question by:doctor069
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 

Author Comment

by:doctor069
ID: 39957951
Basically, I think I just need to add exception on the access list so the http traffic for 10.0.50.0 passes though
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39959007
Yeah, just add

to the acl where http and ssl is destined for 10.0.50.0 0.0.0.255

I don't understand your two first lines.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39959216
You're access list is weird. I would delete the first two lines and add this line which will prevent internal traffic from getting redirected.

10 deny tcp any 10.0.0.0 255.0.0.0
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:doctor069
ID: 39962464
Hi my access list looks like this now:

access-list 102 deny tcp any 10.0.0.0 255.0.0.0
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443

But i still cant hit internal http traffic on a different subnet
0
 

Author Comment

by:doctor069
ID: 39962575
Tried this but no luck... an i getting close?

Testing with 10.0.10.17...

access-list 101 permit tcp 10.0.10.17 255.255.255.255 10.0.50.0 255.255.255.0 eq 80

access-list 102 permit tcp 10.0.10.17 255.255.255.255 any eq 80

route-map WebRoute permit 10

match ip address 101

set ip next-hop 10.0.20.3

route-map WebRoute permit 20

match ip address 102

set ip next-hop 172.16.10.2



ip policy route-map WebRoute
0
 

Accepted Solution

by:
doctor069 earned 0 total points
ID: 39962855
Got it, But... I said in the access list only computers between 10.0.10.100 and 10.0.10.255 should use this routing policy, but all computers are using it. eg. 10.0.10.60 is routing through here as well.

access-list 101 permit tcp 10.0.10.100 0.0.0.255 10.0.50.0 0.0.0.255 eq 80

access-list 102 permit tcp 10.0.10.100 0.0.0.255 any eq 80

route-map WebRoute permit 10

match ip address 101

set ip next-hop 10.0.20.3

route-map WebRoute permit 20

match ip address 102

set ip next-hop 172.16.10.2
0
 

Author Closing Comment

by:doctor069
ID: 39982569
was able to solve issue
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39982656
Your access lists in your last post are not what they appear to be.  10.0.10.100 mask 0.0.0.255 really is 10.0.10.X, where X is from 0 to 255. To get 10.0.10.100-255 takes many statements because of the way masking works with binary numbers. If you can adjust your range to 10.0.10.128-255, that is easily accomplished via 10.0.10.128 0.0.0.128
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month7 days, 19 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question