acl based forwarding

GCIT_Support
New Contributor II
I have several groups that are all serviced by one core switch (670 with core license). I need a way to make routing and next-hop decisions based on source subnet.
I want group 1 to go out firewall 1 and group 2 to go out firewall 2. I need local traffic to be routed on the core; I do not want to forward all traffic to the firewalls for routing decisions. What would be the best way? Clients seem to ping the FW but not get to the internet.

Here is how I am doing it now.
show policy "lb-redir_gov"

Policies at Policy Server:
Policy: lb-redir_gov
entry route_local_traffic {
    if match all {
        destination-address 192.168.0.0/16 ;
    }
    then {
        permit ;
    }
}
entry redirect_gov {
    if match all {
        source-address 192.168.0.0/16 ;
    }
    then {
        redirect 10.0.5.10 ;
    }
}
Number of clients bound to policy: 1
Client: acl bound once

Joseph_Burnswor
New Contributor III
If memory serves me well, this should take place after the routing table.

davidj_cogliane
Contributor
But he only wants to send some traffic from each subnet to the firewalls. He is trying to keep internal traffic on the router. Seems like he needs an exclusion for the internal subnets.

No?

Joseph_Burnswor
New Contributor III
I think this may be what you are looking for.

entry route_local_traffic {
    if {
        destination-address 0.0.0.0/0 ;
        source-address 192.168.0.0/16 ;
    }
    then {
        redirect 10.0.5.10 ;
    }
}

This will forward all traffic from source 192.168.0.0/16 to the next hop 10.0.5.10, for any and all destinations.
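
A complete policy for the setup the original post describes (local traffic stays on the core, group 1 goes to firewall 1, group 2 goes to firewall 2) is given below as an added example; it is not from the original post or from Extreme's documentation. EXOS ACL entries are evaluated top to bottom and the first matching entry wins, so the permit for internal destinations has to sit above the redirects, otherwise every packet from 192.168.0.0/16 (including packets to other internal subnets) is handed to the firewall. The next hop 10.0.5.10 comes from the post; the group subnets 192.168.10.0/24 and 192.168.20.0/24 and the second firewall address 10.0.5.20 are assumed placeholders.

```text
entry keep_internal_on_core {
    if match all {
        destination-address 192.168.0.0/16 ;
    }
    then {
        permit ;
    }
}
entry group1_to_fw1 {
    if match all {
        source-address 192.168.10.0/24 ;
    }
    then {
        redirect 10.0.5.10 ;
    }
}
entry group2_to_fw2 {
    if match all {
        source-address 192.168.20.0/24 ;
    }
    then {
        redirect 10.0.5.20 ;
    }
}
```

Save it as the policy file, run `check policy <name>` to catch syntax errors, then bind it with `configure access-list <name> any ingress` (or to the client-facing ports/VLAN) and `refresh policy <name>` after later edits. The redirect action only takes effect when the switch already has the next hop resolved, so ping 10.0.5.10 and 10.0.5.20 from the switch and confirm them in `show iparp` before concluding the policy is at fault; the permit entry for internal destinations is also what lets clients reach the firewall's own address if it lives in an internal subnet.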
