Need to route traffic based on destination to 2 different routers

I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
I am sure I am just missing something silly.
Here are the relevant portions of the config:
interface GigabitEthernet0/0/1
 ip address 172.31.0.20 255.255.254.0
 ip nat inside
 ip policy route-map Test
 negotiation auto
 vrrp 1 ip 172.31.0.1
 vrrp 1 priority 105
interface GigabitEthernet0/0/1.2
 encapsulation dot1Q 2
 ip address 10.10.48.12 255.255.255.224
 ip nat inside
 ip access-group 199 in
 vrrp 1 ip 10.10.48.3
 vrrp 1 priority 105
 vrrp 2 priority 105
 no cdp enable
ip route 0.0.0.0 0.0.0.0 10.10.48.1
ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
Thanks in advance.
Burton Hallman

Firstly, I'm not sure why you have two default routes if everything is meant to go via 10.10.48.1?
That aside, in terms of your PBR -
1) remove the continue statement. I don't know what it is meant to be doing, but as far as I know it has no effect with PBR.
2) more importantly, your second statement is using a different route-map name, ie Test1, which makes it a completely different route-map, so the one applied to the interface only has the first statement in it, which is the one for VPN traffic.
Jon
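The following is an added example and is not code from the question or from Jon's answer. It is a small Python model of how IOS evaluates a numbered IP access-list together with a route-map for policy-based routing, written to make the effect of the Test / Test1 naming mistake visible: the model assumes first-match semantics for route-map sequences, an implicit deny at the end of the ACL, that a `continue` clause has no effect, and that a packet matching no sequence falls through to the routing table (here the 10.10.48.1 default). The function names (`parse_config`, `policy_next_hop`, `forward`), the source address 172.31.0.50 and the documentation address 203.0.113.7 standing in for "the internet" are all constructed for the example; the two config strings are a copy of the posted ACL/route-map and the same policy with the fix from the answer applied.

```python
import ipaddress
from typing import Optional

# Added example, not from the thread. A small model of how IOS policy-based
# routing evaluates a numbered IP access-list and a route-map, used here to
# show why the posted config sends internet traffic to the routing-table
# default (10.10.48.1) instead of 10.10.48.15. Assumptions: first matching
# route-map sequence wins, an ACL ends in an implicit deny, 'continue' is
# ignored, and a packet that matches no sequence falls through to the
# routing table. Only 'access-list N permit ip ...' entries are parsed.


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit in the wildcard means 'do not care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def parse_config(text: str):
    """Parse access-list and route-map lines in the style posted above.

    Returns (acls, route_maps):
      acls: {number: [(src, src_wc, dst, dst_wc), ...]}   permit entries only
      route_maps: {name: [{'seq', 'match_acl', 'next_hop'}, ...]}
    """
    acls, route_maps = {}, {}
    current = None  # route-map sequence currently being filled in
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            acls.setdefault(int(tok[1]), []).append(tuple(tok[4:8]))
            current = None
        elif tok[0] == "route-map" and tok[2] == "permit":
            # Note the name: 'Test' and 'Test1' are two different route-maps.
            current = {"seq": int(tok[3]), "match_acl": None, "next_hop": None}
            route_maps.setdefault(tok[1], []).append(current)
        elif current is not None and tok[:3] == ["match", "ip", "address"]:
            current["match_acl"] = int(tok[3])
        elif current is not None and tok[:3] == ["set", "ip", "next-hop"]:
            current["next_hop"] = tok[3]
        # 'continue' and any other line is ignored in this model.
    return acls, route_maps


def acl_permits(acls, number: int, src: str, dst: str) -> bool:
    for s, s_wc, d, d_wc in acls.get(number, []):
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return True
    return False  # implicit deny at the end of every ACL


def policy_next_hop(acls, route_maps, name: str, src: str, dst: str) -> Optional[str]:
    """Next hop set by the first matching sequence of route-map `name`, or
    None if no sequence matches (the packet then uses the routing table).
    A sequence without a match clause matches every packet."""
    for entry in sorted(route_maps.get(name, []), key=lambda e: e["seq"]):
        acl = entry["match_acl"]
        if acl is None or acl_permits(acls, acl, src, dst):
            return entry["next_hop"]
    return None


# Constructed copy of the ACL and route-map from the question.
POSTED = """
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
"""

# Same policy with the fix from the answer: both sequences in one route-map
# named Test (the name applied to Gi0/0/1) and no 'continue'.
FIXED = """
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 set ip next-hop 172.31.1.3
route-map Test permit 20
 set ip next-hop 10.10.48.15
"""

ROUTING_TABLE_DEFAULT = "10.10.48.1"  # from 'ip route 0.0.0.0 0.0.0.0 10.10.48.1'


def forward(config_text: str, src: str, dst: str) -> str:
    """Next hop for a packet entering Gi0/0/1, where 'ip policy route-map Test'
    is applied: the PBR result if any, otherwise the routing-table default."""
    acls, route_maps = parse_config(config_text)
    hop = policy_next_hop(acls, route_maps, "Test", src, dst)
    return hop if hop is not None else ROUTING_TABLE_DEFAULT


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for 'the internet'.
    for cfg_name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        for dst in ("192.168.252.10", "203.0.113.7"):
            print(cfg_name, "172.31.0.50 ->", dst, "next hop", forward(cfg, "172.31.0.50", dst))
```

Running it shows the symptom from the question directly: with the posted config, a packet from 172.31.0.50 to a VPN network gets next hop 172.31.1.3, but a packet to 203.0.113.7 matches nothing in route-map Test (sequence 20 lives in Test1) and falls back to 10.10.48.1; with both sequences under the name Test, the same packet gets 10.10.48.15. The model deliberately parses the config text rather than hard-coding the policy, so other ACL/route-map pairs in the same style can be checked the same way.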

Similar Messages

  • Route decisions based on destination TCP port with EIGRP

    Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port.  I have a third party partner that we communicate to and they are adding a second location which we will connect to.  They are wanting to use the same destination host IP but make the route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B.  I have never had to make that happen so I am looking into whether it actually can be done and, if so, what the basic configuration is to pursue.  We use static IP routes to/from them today and will in the future at the edge; those are distributed internally to our EIGRP.  Can EIGRP make decisions based on IP and Port?

    No routing protocol makes decisions based on port number as far as I know.
    You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
    Depending on your connections you may well need to use tracking as well but it depends.
    If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
    If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back.

  • Possible to Route Traffic Based on AVC?

    Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

    Hello.
    Yes, it's possible and, actually, you have 2 ways.
    1. use manual load-balancing between links.
    2. use PfR to load-balance traffic automatically.
    PS: you will also need NAT with a route-map.

  • Prioritize traffic based on destination IP?

    Hi all, we're looking to use an ASA5505 or 5510 as our firewall but want to see if one of them can help us prioritize traffic. I know it does QoS but we're wanting to dedicate x amount of our bandwidth to traffic based on destination IP address. Is that possible and does it take a license upgrade?
    Thanks!

    Jerry, I would try something like in the second config example I mentioned. Keep in mind, if the ISP doesn't support marking packets, it may be hard to QoS inbound. If you assign the VOIP traffic high priority, it should go out the interface first during congestion. You don't need to dedicate a certain amount of bandwidth in any way. Make sure in the design to keep the VOIP traffic, VPN traffic and User PAT (outbound NAT) traffic on separate IP's. That will help when defining the access-lists. This QoS stuff is kind of tricky and a bit confusing. I have set up a few configs according to the above examples and they _seem_ to work. I ran a policing queue on the edge router for traffic leaving to the ASA, and ran a priority queue on the ASA. When I test a big download from a major site, which could consume all bandwidth, it doesn't appear to clobber VOIP traffic. The same results apply when I test a big upload to the internet. The QoS stuff is tricky though, and I _didn't_ see what I expected when I used the show QoS commands to see traffic drops, etc. so YMMV!
    Take a look at this link for the ASA 7.X release, which may give you some ideas:
    "QoS based on ACL with VPN Configuration" You can change the ACL to include the outside interface IP as long as you have separated the NAT's, VPN, etc. like I mentioned earlier.
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
    Will

  • How i can route the traffic based on destination address ?

    Dears,
    As you can see in the image i have two different setups.
    ISP A setup is completely dedicated for Production & ISP B setup is dedicated for whole staff internet.
    Below is the network information;
    Firewall:
    GigE0/0 - PUBLIC IP (PAT)
    GigE0/1 - 192.168.0.1/24  no dhcp
    ISP B Router:
    ATM 0 - PUBLIC IP (PAT)
    FaE0/0 - 192.168.0.2/24
    FaE0/1 - 192.168.92.1/24 dhcp
    Servers - 192.168.0.xxx/24
    Clients - 192.168.92.xxx/24
    All the clients have internet access through ISP B.
    If a client wants to connect to any of the servers, what kind of configuration is required on the ISP B router? I thought of route-maps or doing static routing between the Firewall & ISP B Router, but I am not sure which is the best practice to do so.
    Kindly suggest with some suitable solutions.
    Regards
    @Mohammed

    Hi Shareef,
    Below is the example of PBR.
    ip access-list extended Redirect_PBR
     permit tcp host 192.168.92.10 host 192.168.0.10 eq 443
     permit tcp host 192.168.92.10 host 192.168.0.10 eq 21
     ! etc
    route-map Client_Server permit 10
     match ip address Redirect_PBR
     ! 192.168.0.1 is the firewall's server-LAN interface
     set ip next-hop 192.168.0.1
    interface FastEthernet0/1
     ip policy route-map Client_Server
    You can have the required filter rule created as an ACL... you can restrict however you want.  Map that ACL to the route-map and set a next hop to the needed routing point. Then finally map that ACL to the interface of the router. In this case all traffic mentioned in the route-map and access-list will follow the PBR rule. All other traffic will route as usual with the default route.
    Hope this helps
    Regards
    Karthik

  • Re: Need to route traffic. 2 instances 00. Can I use SapRouter?

    Hi All:
    I have DEV and QAS sitting behind a Linksys router. Both SIDs are on their own instance 00 on separate hosts. From the internet (there is only 1 public IP) I want to be able to connect to either machine using SAPGui...i.e.; logon and work either in DEV or QAS.
    Is this possible (SAPRouter?)?
    If so please say how (details or link)...
    Thanks
    T.

    Hi.
    On 26.02.2011 00:06, ketchukf wrote:
    >
    > Hi experts. I need to send encrypted e-mail to another domain. The mail
    > server they list in DNS does not support encryption so I need to send to
    > a different server there that does. They gave me 2 ip addresses - can I
    > list them both for a domain in route.cfg? Something like this -
    >
    > joeblow.com [1.2.3.4] [1.2.3.5]
    >
    > Or...
    >
    > joeblow.com [1.2.3.4]
    > joeblow.com [1.2.3.5]
    >
    > Thanks.
    I don't think so, no, although probably nobody ever tried it.
    The only option I could think of is setting up their domain in your own
    DNS server and define two mx records there. A tad nasty, but doable.
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!
    http://www.cfc-it.de

  • Routing based on destination IP and traffic type

    Is it possible to route traffic based on the destination IP and the type of traffic?
    ASA5512
    Software 9.2.1
    We have an ASA 5512 that is used as a VPN termination point. Our employees connect from one of our customer sites to this VPN point. The customer also hosts services on the same IP address that our employees use to access our VPN on.
    What I want to do is to use a different route for certain traffic to take to get to these other services provide by our customer, for instance they offer an FTP site and I want to use a different route to get our internal users to this FTP site. Is this possible to achieve?
    Any help would be greatly appreciated.
    Murray

    Technically speaking the ASA doesn't do policy based routing.  However, you might be able to simulate something similar to PBR by using a combination of static routes and NAT.
    If you describe your Network setup, ASA, and how the alternate route is connected to your customer, we might be able to help you better.
    Please remember to select a correct answer and rate helpful posts

  • Route Traffic to down a specfic link

    I need to route traffic that is sourced from the 10.1.50.0 network down link 1. Currently all traffic goes down Link 2. I want all traffic except the 10.1.50.0 network to still use Link 2 as primary. What would be the best approach: a static route for the 10.1.50.0 network, some type of policy map, or something else? Thanks for the help

    Thanks for the reply. I created the access list and policy map from above but can not put the policy map on the VLAN interface. The commands are there but when I verify by looking at the interface it is not there. It is a 3750 G with IPSERVICES IOS. Any ideas? Thanks
    Standard IP access list 50
    10 permit 10.2.50.0, wildcard bits 0.0.0.255 log
    sh route-map
    route-map **VLAN250**, permit, sequence 10
      Match clauses:
        ip address (access-lists): 50
      Set clauses:
        interface GigabitEthernet2/0/1
      Policy routing matches: 0 packets, 0 bytes

  • Policy based routing on VRF interfaces to route traffic through TE Tunnel

    Hi All,
    Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
    The tunnel is already build up with these below config
    interface Tunnel25
    ip unnumbered Loopback0
    tunnel destination 10.250.16.250
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 10 explicit name test
    ip explicit-path name test enable
    next-address x.x.x.x
    next-address y.y.y.y
    router ospf 1
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng area 0
    mpls traffic-eng tunnels
    interface GigabitEthernet5/2
    mpls traffic-eng tunnels
    mpls ip
    Is there additional config needed for this to work? Also, at the destination end, for the return traffic we want to use the normal path, I mean a non-TE tunnel.
    We tested the above scenario but couldn't reach the destination. Meantime we had a question: when the packet uses the policy map on ingress, it may not know the association with the VRF (Is that right? If so, how do we make it happen?)
    Any help would be really appreciated
    Thanks
    Regards
    Anantha Subramanian Natarajan

    hi Anantha!
    I might not be the right person to comment on your first question. I have not configured MVPNs yet and am not very comfortable with the topic.
    But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that "a Tunnel will be selected regularly according to the routing process (even if it is CBTS enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a particular tunnel in the group if a specific class is mapped to that tunnel."
    So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) is exchanged, and all other tunnels can be members of this tunnel. So your RPF might not fail.
    You might have to explore this a bit more and read about the co-existence of multicast and TE. This will be the same as that.
    For your second question, the answer would be easy:
    If you want a specific EoMPLS customer to take a particular tunnel/path, just create a separate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the EoMPLS to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular EoMPLS session should take a particular path.
    If you meant that certain traffic from the same EoMPLS session should take a different path/tunnel, then CBTS will work.
    Regards,
    Niranjan

  • Route to WSA based on destination

    Dear
    I need to purchase two IronPort boxes, one for the ADSL line and the second for the Leased Line.
    My aim is that when a user opens a business site it goes through the Leased line, and when they open a non-business site it goes through the ADSL.
    I need a solution to achieve this?
    And can I predefine the business and non-business sites?

    Hello,
    Unfortunately the WSA cannot control which requests get sent to it, it simply listens for traffic coming to its interface on specific ports (80, 3128, 21, 443). When it comes to specific URLs being routed to one WSA or another it will require that you have a device that can inspect the traffic at Layer 4 (HTTP/HTTPS/FTP) and make a routing decision based on the URI in the HTTP header.
    You could add a 3rd WSA to route the traffic using an upstream proxy configuration. You would use proxy groups and routing policies to match Custom URL categories or predefined URL categories to send to one of the two upstream proxies.
    Other than adding an additional device to route the traffic, you could look into Policy based routing or using multiple WCCP services  (one for each WSA) and creating an ACL to match the business sites IP addresses vs the non-business sites. This could become an issue as most websites use dynamic IP schemes.
    Hope this helps.
    Best Regards,
    Michael Hautekeete
    Customer Support Engineer
    Cisco Content Security - Web Security Appliance
    http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
    https://supportforums.cisco.com/community/netpro/security/web
    https://supportforums.cisco.com/community/feeds?community=2091

  • HU routing to Staging area based on destination Storage type

    Hi Experts,
    I have a requirement where I need to route the HUs coming out from same VAS work center to the different staging areas according to the destination storage types.
    Say for example,
    VAS Workcenter - VAS1
    HUs completed out of the VAS1 workcenter should be put away into the destination storage types (RS11, RS12, RS13, RS14) through the staging areas (ST11, ST12, ST13, ST14 respectively)
    Any ideas how to achieve this through customizing to route the HUs through relevant staging areas ( VAS1 -> ST11 -> RS11,  VAS1 -> ST12 -> RS12, etc..,)
    Rgds
    -Shravan

    Thanks to everyone for your response.
    Regarding Juergen's questions, here I am talking about the inbound process
    RSXX are final storage types, where the materials will be finally put away
    Staging area(work center) is used for inbound where we consolidate the materials going to same storage type (building), to the one trolley
    The product put away WT is created when we complete the HU in the staging area workcenter (Final step IBS1 in the process), so we are not able to know to which storage type the product will be moved, until the HU is completed in the staging work center.
    Rgds
    Shravan

  • 1 server, 2 networks how to route traffic to both

    Hi i have NW65SP7
    what i'm trying to do is
    1. to have users come in thru the data network (192.168.0.0) and the traffic
    go back out thru the default gateway (192.168.0.1) and
    2. i want LDAP traffic to go in thru the other network (10.1.0.0) and
    backout thru the same networks gateway (10.1.0.1).
    1. works fine and all seems to go up and down the right network, however 2.
    comes down 10.1.0.0 and backout thru the default gateway on 192.168.0.1. I
    don't\can't have this as the firewall rejects the packet as the source and
    destination networks are different ie. the fw sees the packet come in thru
    10.1.0.0 but when the server sends it back out thru 192.168.0.0 the firewall
    rightly drops it
    How do i get 2. to work as i want, can this even be done on NW.
    What i've done so far is
    a. enabled Static Routing
    b. created a default route (192.168.0.1) with a metric of 2
    c. created a network route for 10.1.0.0 (10.1.0.1) with a metric of 1

    "Thorsten Kampe" <[email protected]> wrote in message
    news:[email protected]...
    >* Steven Lim (Mon, 08 Dec 2008 01:57:27 GMT)>
    >> ok i'll try again but i thought that i did explain it so i'm not sure how
    >> my
    >> second attempt will go ;)
    >
    > Is the NetWare server the router? Which addresses do the server's
    > interfaces have? Which default gateway do the hosts in the network have?
    > Any static routes?
    No the netware server is not the router
    The server has 1 interface but two vlans trunked to the one interface, each
    vlan has a separate IP. I can ping each IP on each of the trunked vlans
    fine. I'm using Broadcom Q57 NICS and the QASP\BASP advanced driver to
    support the trunked vlans. Don't let that confuse the issue though..it's
    basically the same as having two nic interfaces connected to two separate
    networks in this case lets say 192.168.0.10 and 10.0.0.10
    Just so we're on the same page, we have a very large routed network with
    over 250 subnetworks with 4 10G interconnected core routers each with a 10G
    distribution routers, buildings\user\server networks hang off the
    distribution routers . Client machines are distributed across the network
    and are not on the same vlan\subnet as the servers.
    A server on 192.168.0.0 will have a default gateway of 192.168.0.1 and
    servers on 10.0.0.0 will have a default gateway of 10.0.0.1 there are no
    client machines on these subnets....btw we don't really have a 192.168.0.0
    network..i'm just using this as an example.
    The NW server has 1 static route configured as the default gateway on
    192.168.0.1...and i've been trying to work out how to configure another
    static route to make sure that all incoming and outgoing traffic for
    10.0.0.0 stays on 10.0.0.0 or whatever else i need to do to get it working
    >> i have two networks 192.168.0.0 and 10.0.0.0
    >>
    >> 1. I want all traffic that originates from 192.168.0.0 to go back thru
    >> the
    >> 192.168.0.0 gateway on 192.168.0.1 (currently the default gateway
    >> configured
    >> in inetcfg static routing table).
    >
    > In case the NetWare server is the router you only have to enable routing
    > - the server's default gateway is completely irrelevant for that. Of
    > course the hosts in the networks have to have the router as the default
    > gateway (or a static route).
    Clients are fine, lets say that they are on 192.168.1.0 to 192.168.255.0 and
    they have default gateways on their subnets the go thru x.x.x.1 (eg.a
    192.168.1.0 machine will have a default gateway of 192.168.1.1 and a
    192.168.2.0 machine will have a default gateway of 192.168.2.1 etc)
    >> 2. I want all ldap traffic, in my case this will be ldap port 389 and
    >> 636,
    >> that originates from network 10.0.0.0 to go back thru the gateway
    >> 10.0.0.1.
    >
    > Routing is not (application) protocol specific. You can either route all
    > IP packets or none along a certain route. Please have a look at the routing
    > table of your computer to see what I mean.
    Yes i understand that routing is not application\protocol specific
    When you say "have a look at the routing table" i assume you mean the
    netware server....i've done that using TCPCON..i can see the issue..just not
    sure how to get it to do what i want
    > Also what you might want is called source routing[1] and this is mostly
    > blocked because it opens a huuuuge security hole.
    >
    >> This is required because the firewall requires that if a response is
    > to go
    >> out to a client then then it must go out over the same network that it
    >> originated from. This is the part that's not currently working. At the
    >> moment the query comes in from 10.0.0.0 and the response tries to goes
    >> out
    >> via the default gateway on 192.168.0.1 the firewall blocks the outgoing
    >> traffic....basic stuff!!!
    >
    > I wonder where and how you put that firewall if you have only two
    > subnets and one router. Is this Bordermanager on the NetWare server?
    See above re. the network...the firewall\s are blades within the core
    routers and support virtual firewalls that can be applied to any part of the
    distribution\access layer of the network.
    Does that make any more sense???
    > Thorsten
    > [1] http://en.wikipedia.org/wiki/Source_routing

  • Prioritise traffic based on IP subnet

    I'm currently using an Avaya IP Office VoIP solution and I want to introduce a Cisco 2600 to replace the WAN units. I've been told that I will need a QOS switch or have two Lan ports on the router to create two subnets (1 for Data & 1 for VoIP).
    If I decide to use 2 LAN ports instead of installing a QoS switch, can someone tell me if this solution is viable and, if it is, how I would prioritise the traffic based upon the IP subnet.

    If you are going to place the phones on a single subnet and connect them to a dedicated router interface with no other devices (PCs, printers etc) you should get away without any QoS because all the data on that subnet will be voice bearer, voice signaling and network management with voice bearer being by far the majority of the traffic. Your greatest concern for voice quality should be aimed at the WAN link. You will need to ensure that you have QoS between sites and this will be dependent on the type of WAN link employed.

  • Do I need a router or access point / bridge?

    Hi.  We have a MS small bus server with a software firewall.  It does dhcp and routes traffic so we don't need the router part of the router.
    Wireless  N access is needed.  Will a DAP 1522 (Wireless N access point / switch) offer the same wireless performance as a Linksys wireless N router?
    I just bought the DAP access point and am getting 100-130 mb/s with a strong signal.  Would the router work better with its giant antennae?
    Nick

    DAP 1522 is a good access point. It lets you connect up to 4 Ethernet-enabled devices such as set top boxes, game consoles, or computers to an existing Wi-Fi network for on-demand broadcast, online gaming, or media streaming throughout the home.
    With dual-band wireless capabilities, the DAP-1522 is ideal for wireless HD video streaming and gaming applications because entertainment content can be sent over the less crowded 5GHz band.
    The DAP-1522 can also be used to create a new 802.11n wireless network using its Access Point feature. Simply connect it to an existing wired or wireless router, and you'll enjoy greater range and data speeds in seconds.

  • Routing Message based on FileName

    Hi all,
    I have a scenario where I need to route the file based on the file name.
    For eg: if the 10th char of the filename is 'A' then it has to be placed in Location 1;
    if the 10th char of the filename is 'B' then it has to be placed in Location 2.
    Both sender and receiver are file adapters.
    I thought of using a condition in Interface Determination (Context object), but got stuck since I have to compare only the 10th char, not all the characters, since the other characters are dynamic.
    Note: This is a pass through Interface and no mapping is involved.
    Thanks,
    Siva

    Hi,
    I am using Context Object functionality for routing purposes.
    In XPath we can use the SubString function, but we cannot use the same function in a Context Object.
    Is there any workaround for this?
    Thanks,
    Siva
