0 Replies Latest reply: Jul 17, 2019 11:41 AM by Stef

    1 Subnet 2 Gateways PBR

    Stef

      Hi,

      It's the first time I've posted here, so I'm not sure if this is the right place.
      I have 2 L3 switches configured in HSRP. One of them has a link to a firewall.
      My goal is this:

      VL50 Local 1 traffic (10.200.50.0/24) .1 is HSRP virtual IP .4 is Firewall IP

      VL60 Local 2 traffic (10.200.60.0/24) .1 is HSRP virtual IP .4 is Firewall IP

      VL80 DMZ (10.200.80.0/24) .1 is HSRP virtual IP .4 is Firewall IP

      VL50<>VL60 should go through an ACL on the VLAN interface to filter traffic. In case the firewall connection is cut, this will keep working.

      VL50<>DMZ traffic is routed to the firewall

      The end devices have the HSRP virtual IP as default gateway.

      I thought that if I make an ACL that defines all traffic with destination DMZ or web traffic and apply a route-map to it to forward it to the .2 (firewall IP), it would work.
      It doesn't, and I don't really know why. Any advice?
      Extended IP access list 2150
          10 permit ip 10.200.50.0 0.0.0.255 10.200.80.0 0.0.0.255
          20 deny ip 10.200.50.0 0.0.0.255 10.0.0.0 0.255.255.255
          30 deny ip 10.200.50.0 0.0.0.255 172.16.0.0 0.15.255.255
          40 deny ip 10.200.50.0 0.0.0.255 192.168.0.0 0.0.255.255
          50 permit ip 10.200.50.0 0.0.0.255 any

      route-map TEST permit 10
       match ip address 2150
       set ip next-hop 10.200.50.4
      Local traffic seems to work well, but the PBR doesn't work at all.
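The following is an added example, not code from the original post or from Cisco. It is a small Python model of how IOS evaluates the policy posted above: wildcard-mask matching, first-match evaluation of ACL 2150, and the route-map rule that an ACL "deny" means "this clause does not match, route the packet with the normal routing table", not "drop". It also models that IOS only policy-routes packets arriving on an interface that carries `ip policy route-map NAME`; the post shows only the ACL and route-map, so the interface-to-policy mapping (`POLICY_ON_INTERFACE`) and the sample hosts are constructed for the example.

```python
"""Model of Cisco IOS policy-based routing (PBR) for the VLAN 50 policy in
the post above: wildcard-mask ACL matching, first-match ACL evaluation,
and the route-map rule that an ACL 'deny' means 'not policy-routed' (fall
through to the normal routing table), not 'drop'.

Added example, not code from the original post. The interface-to-policy
mapping and the sample hosts below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access-control entry: `<seq> <action> ip <src> <dst>`."""
    seq: int
    action: str  # "permit" or "deny"
    src: str     # "<network> <wildcard>" or "any"
    dst: str


def wildcard_match(addr: str, spec: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    network, wildcard = spec.split()
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    addr_bits = int(ipaddress.IPv4Address(addr))
    net_bits = int(ipaddress.IPv4Address(network))
    return (addr_bits & care) == (net_bits & care)


def evaluate_acl(acl, src, dst):
    """First matching ACE wins; no match is the implicit deny at the end."""
    for ace in acl:
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action, ace.seq
    return "deny", None


# ACL 2150 exactly as posted.
ACL_2150 = [
    Ace(10, "permit", "10.200.50.0 0.0.0.255", "10.200.80.0 0.0.0.255"),
    Ace(20, "deny",   "10.200.50.0 0.0.0.255", "10.0.0.0 0.255.255.255"),
    Ace(30, "deny",   "10.200.50.0 0.0.0.255", "172.16.0.0 0.15.255.255"),
    Ace(40, "deny",   "10.200.50.0 0.0.0.255", "192.168.0.0 0.0.255.255"),
    Ace(50, "permit", "10.200.50.0 0.0.0.255", "any"),
]
ACLS = {"2150": ACL_2150}

# route-map TEST permit 10 / match ip address 2150 / set ip next-hop 10.200.50.4
# Each clause: (clause action, sequence, ACL name, next-hop or None).
ROUTE_MAP_TEST = [("permit", 10, "2150", "10.200.50.4")]

# Which SVIs carry `ip policy route-map TEST`. Constructed for the example;
# the post does not show this line, and without it nothing is policy-routed.
POLICY_ON_INTERFACE = {"Vlan50": ROUTE_MAP_TEST}


def route_map_next_hop(route_map, src, dst):
    """Return the next-hop set by the first matching permit clause, or None
    when the packet falls through to the normal routing table."""
    for clause_action, _seq, acl_name, next_hop in route_map:
        verdict, _ = evaluate_acl(ACLS[acl_name], src, dst)
        if verdict != "permit":
            continue  # ACL deny: this clause does not match, try the next
        return next_hop if clause_action == "permit" else None
    return None


def forward(ingress_if, src, dst):
    """Where the switch sends a packet that arrives on `ingress_if`."""
    route_map = POLICY_ON_INTERFACE.get(ingress_if)
    if route_map is None:
        return "normal-routing (no ip policy route-map on interface)"
    nh = route_map_next_hop(route_map, src, dst)
    return f"next-hop {nh}" if nh else "normal-routing"


if __name__ == "__main__":
    for iface, src, dst in [
        ("Vlan50", "10.200.50.10", "10.200.80.5"),   # DMZ: to the firewall
        ("Vlan50", "10.200.50.10", "10.200.60.5"),   # VL60: SVI ACL, not firewall
        ("Vlan50", "10.200.50.10", "203.0.113.9"),   # Internet: to the firewall
        ("Vlan50", "10.200.50.10", "172.31.0.1"),    # RFC1918: normal routing
        ("Vlan60", "10.200.60.10", "10.200.80.5"),   # no policy on Vlan60
    ]:
        print(f"{iface} {src} -> {dst}: {forward(iface, src, dst)}")
```

Two practical checks follow from the model. First, the route-map only takes effect on an interface with `ip policy route-map TEST` under `interface Vlan50`; with HSRP, frames sent to the virtual MAC are only received by the active switch, so the policy has to exist on the Vlan50 SVI of both switches or it silently stops working after a failover. Second, the ACL's deny lines are what keep VL50<>VL60 traffic on the SVI ACL path: a deny in a PBR ACL is "route normally", so `show route-map TEST` should show the policy-matched counter rising only for DMZ and non-RFC1918 destinations.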