This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EXOS Lose Internal Access After Applying Policy Based Routing

EXOS Lose Internal Access After Applying Policy Based Routing

Ty_Kolff
New Contributor II

‎11-07-2016 08:19 PM

We are trying to route traffic from a particular server out an ASA firewall. We are moving from a Cisco core where we had the following in place:

ip access-list extended PBR-ASA
permit ip host 10.10.34.54 any
!
route-map ASA-MAP permit 10
match ip address PBR-ASA
set ip default next-hop 10.10.0.3

The behavior on the Cisco was basically to set the 0.0.0.0 route for that particular server to point to the ASA (10.10.0.3), but it still seemed to use all other routes internally so internal connectivity was just fine.

We have tried the following, but when we apply this we lose internal access to the Server (10.10.34.54):

entry PBR-ASA {
if match all {
source-address 10.10.34.54/32;
}
then {
redirect 10.10.0.3;
count pbr-asa;
}
}

I was applying this Access-List to the vlan that this server belonged to:

configure access-list PBR-ASA vlan VLAN305 ingress

We only want this server to redirect to 10.10.0.3 for it's external access. Any ideas on how to achieve this?

Thanks!
0 Kudos
14 REPLIES 14

Erik_Auerswald
Contributor II

‎11-08-2016 07:42 PM

Hi Ty,

you could add an ACL entry to permit traffic from the server to any internal network before the redirect entry. That way internal traffic will be forwarded normally, only external traffic would use PBR, similar to setting a different default route via PBR in Cisco IOS.

Erik
0 Kudos

Ty_Kolff
New Contributor II

‎11-08-2016 02:54 PM

Jeremy,

This is on some x670 switches. Does the flow-redirect 'add nexthop' work similar to the 'set ip default next-hop' in Cisco?

Thanks!
0 Kudos

Erik_Auerswald
Contributor II
In response to Ty_Kolff

‎11-08-2016 02:54 PM

Hi Ty,

the list of nexthop entries created via add nexthop are used to define fallbacks if one (or more) nexthop(s) is(are) unreachable. This is different from setting a different default route via PBR in Cisco IOS.

Erik
0 Kudos

Jeremy_Gibbs
Contributor

‎11-07-2016 09:55 PM

Also, what equipment do you have?
0 Kudos
GTM-P2G8KFN