Prioritize traffic based on destination IP?

Similar Messages

• Need to route traffic based on destination to 2 different routers

  I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
  The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
  I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
  The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
  I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
  I am sure I am just missing something silly.
  Here are the relevant portions of the config:
  interface GigabitEthernet0/0/1
   ip address 172.31.0.20 255.255.254.0
   ip nat inside
   ip policy route-map Test
   negotiation auto
   vrrp 1 ip 172.31.0.1
   vrrp 1 priority 105
  interface GigabitEthernet0/0/1.2
   encapsulation dot1Q 2
   ip address 10.10.48.12 255.255.255.224
   ip nat inside
   ip access-group 199 in
   vrrp 1 ip 10.10.48.3
   vrrp 1 priority 105
   vrrp 2 priority 105
   no cdp enable
  ip route 0.0.0.0 0.0.0.0 10.10.48.1
  ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
  access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
  access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
  access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
  route-map Test permit 19
   match ip address 116
   continue 20
   set ip next-hop 172.31.1.3
  route-map Test1 permit 20
   set ip next-hop 10.10.48.15
  Thanks in advance.
  Burton Hallman

  Firstly I'm not sure why you have two default routes if everything is meant go via 10.10.48.1 ?
  That aside in terms of your PBR -
  1) remove the continue statement. I don't know what it is meant to be doing but as far as i know it has no effect with PBR
  2) more importantly your second statement is using a different route map name ie Test1 which makes it a completely different route map so the one applied to the interface only has the first statement in it which is the one for VPN traffic.
  Jon

• How i can route the traffic based on destination address ?

  Dears,
  As you can see in the image i have two different setups.
  ISP A setup is completely dedicated for Production & ISP B setup is dedicated for whole staff internet.
  Below is the network information;
  Firewall:
  GigE0/0 - PUBLIC IP (PAT)
  GigE0/1 - 192.168.0.1/24  no dhcp
  ISP B Router:
  ATM 0 - PUBLIC IP (PAT)
  FaE0/0 - 192.168.0.2/24
  FaE0/1 - 192.168.92.1/24 dhcp
  Servers - 192.168.0.xxx/24
  Clients - 192.168.92.xxx/24
  All the clients have internet access through ISP B.
  If a client wants to connect to any of the server, what kind of configuration is required on ISP B rotuer. I though of route-maps or doing a static routing between Firewall & ISP B Router but i am not sure which is the best practice to do so.
  Kindly suggest with some suitable solutions.
  Regards
  @Mohammed

  Hi Shareef,
  Below is the example of PBR.
  ip access-list extended Redirect_PBR
  permit tcp host 192.168.92.10 host 192.168.0.10 eq 443
  permit tcp host 192.168.92.10 host 192.168.0.10 eq 21
  etc
  route-map Client_Server permit 10
   match ip address Redirect_PBR
   set ip next-hop 192.168.0.1 (Server LAN)
  int Fa E 0/1
  ip policy route-map Client_Server
  You can have the required filtered rule created as an ACL... you can restrict how ever you wan't.  Map that ACL to the route map and set a next hop to needed routing point. Then finally map that ACL to the interface of the router. In this case every traffic mentioned in route map and access-list will follow the PBR rule. All other traffic will route as usuall with the default route.
  Hope this helps
  Regards
  Karthik

• Routing based on destination IP and traffic type

  Is it possible to route traffic based on the destination IP and the type of traffic?
  ASA5512
  Software 9.2.1
  We have an ASA 5512 that is used as a VPN termination point. Our employees connect from one of our customer sites to this VPN point. The customer also hosts services on the same IP address that our employees use to access our VPN on.
  What I want to do is to use a different route for certain traffic to take to get to these other services provide by our customer, for instance they offer an FTP site and I want to use a different route to get our internal users to this FTP site. Is this possible to achieve?
  Any help would be greatly appreciated.
  Murray

  Technically speaking the ASA doesn't do policy based routing.  However, you might be able to simulate something similar to PBR by using a combination of static routes and NAT.
  If you describe your Network setup, ASA, and how the alternate route is connected to your customer, we might be able to help you better.
  Please remember to select a correct answer and rate helpful posts

• Route decisions based on destination TCP port with EIGRP

  Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port.  I have a third party partner that we communicate too and they are adding a second location which we will connect too.  They are wanting to use the same destination host IP but make route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B.  I have never had to make that happen so I am looking into whether it actually can and if so what is basic configuration to pursue.  We use static IP routes to/from them today and will in the future at the edge, those are distributed internally to our EIGRP.  Can EIGRP make decisions based on IP and Port?

  No routing protocol makes decisions based on port number as far as I know.
  You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
  Depending on your connections you may well need to use tracking as well but it depends.
  If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
  If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back.

• Possible to Route Traffic Based on AVC?

  Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

  Hello.
  Yes, it's possible and, actually, you have 2 ways.
  1. use manual load-balanace between links.
  2. use PfR to load-balance traffic automatically.
  PS: you also will need NAT with route-map.

• (AVC) Is there Any way to prioritize traffic from wireless client (laptop in my case) to AP

  Is there any way to prioritize traffic from wireless client (laptop in my case) to AP …. if i explain the issue in a broad way there is no congestion going on in wired network. When multiple users connect to real presence and all share the same AP. they get real-time output over the call BUT if someone start file-transfer over the same AP the real presence call voice/video get stuck.
  I applied the AVC feature on WLC but as i tested, i think prioritization from my laptop to AP will not happen and the situation remains same.
  Please share if there is any way to prioritize traffic from wireless client (Laptop) to AP only ?

  Hi Vinod,
  Here is the AVC & QoS interaction for upstream & downstream traffic. For downstream it is important you have configured your WLAN with correct QoS profile & 802.1p values as that play a role even though you marking traffic using AVC.
  Upstream1. Packet comes with or without inner DSCP from wireless side (wireless client).2. AP will add DSCP in the CAPWAP header that is configured on WLAN (QoS based config).3. WLC will remove CAPWAP header.4. AVC module on the controller will overwrite the DSCP to the configured marked value in the AVC profile and send it out.Downstream 1. Packet comes from switch with or without inner DSCP wired side value.2. AVC module will overwrite the inner DSCP value.3. Controller will compare WLAN QoS configuration (as per 802.1p value that is actually 802.11e) with inner DSCP value that NBAR had overwritten. WLC will choose the lesser value and put it into CAPWAP header for DSCP.4. WLC will send out the packet to AP with QoS WLAN setting on the outer CAPWAP and AVC inner DSCP setting.5. AP strips the CAPWAP header and sends the packet on air with AVC DSCP setting; if AVC was not applied to an application then that application will adopt the QoS setting of the WLAN.
  I am not sure which controller software version you are running. From AVC perspective, it is good if you could install latest NBAR protocol pack (4.1 for WLC 7.5.x code or 6.3 for WLC 7.6.x code) on your controller.
  Here is the 7.5.x AVC deployment guide which should help you on this
  http://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/AVC_dg7point5.html
  Like others mentioned, it is very little you can do with respect to upstream direction as AVC kicks in only when traffic hits WLC & not at the AP level.
  HTH
  Rasika
  **** Pls rate all useful responses  ****

• Prioritise traffic based on IP subnet

  I'm currently using an Avaya IP Office VoIP solution and I want to introduce a Cisco 2600 to replace the WAN units. I've been told that I will need a QOS switch or have two Lan ports on the router to create two subnets (1 for Data & 1 for VoIP).
  If I decide to use 2 lan ports instead of installing a QOS switch can someone tell me if this solution is viable and if it is how would I proritise the traffic based upon the IP subnet.

  If you are going to place the phones on a single subnet and connect them to a dedicated router interface with no other devices (PCs, printers etc) you should get away without any QoS because all the data on that subnet will be voice bearer, voice signaling and network management with voice bearer being by far the majority of the traffic. Your greatest concern for voice quality should be aimed at the WAN link. You will need to ensure that you have QoS between sites and this will be dependent on the type of WAN link employed.

• How do I NAT based on destination port while source port can be ANY

  Goal - I want to forward Internet bound HTTP and HTTPS traffic  to a Proxy via an IPSEC Tunnel - I want to maintain my private IP as it goes accross the IPSEC Tunnel - I also want remaining Internet Traffic to route Normally by NATing to my outside address.
  In 8.4 this is quite easy as I can specify a destination port and have "any" source port for the NAT
  Here is a snap shot of the config:
  object service Proxy_HTTP
  service tcp destination eq www
  object service Proxy_HTTPS
  service tcp destination eq https
  nat (inside,outside) source static any any service Proxy_HTTP Proxy_HTTP
  nat (inside,outside) source static any any service Proxy_HTTPS Proxy_HTTPS
  object network Non_Proxy
  nat (any,outside) dynamic interface
  PROBLEM: I need this behavior in 8.2.x  - I have found no way to mimic this.
  You cannot use NAT Exemption as it cannot be port based
  A static policy NAT with Access list will not work as you must specify a single source port - Since there is no way to predict the source port this wont work.
  I don't see any of the other NAT Types working this way.
  If there is a way to make this work in 8.2 please let me know - We have many ASAs and we are not ready to make the leap to 8.4 but we need to use the proxy.

  Karen-
  Results: Did not work. The web based shortcuts did not appear.
  Below is the steps taken with your tips incorporated. (Again it's lengthy sorry about that, but anyone can recreate what was done here. Maybe someone can see something left out by doing/reviewing it).
  Here is what was done:
  1. Installed a fresh install of Windows 8.1 enterprise on a pc. No updates were ran.
  2. During setup created the admin account.
  3. Logged into the account a simple start screen was arranged and setup by:
  Starting desktop Internet Explorer. Going to Technet's website. Clicked tools and then selecting "Add site to Apps" from the drop down menu. Went to Apps screen, right clicked and pinned it to start screen. Repeated this procedure with an
  educational web based site.
  Right clicked a few provisioned apps and unpinned them from the start screen.
  Made a few groups and labeled them. Web based shortcuts were arranged with one provisioned app in that particular group.
  4. Opened a Powershell, right clicked it and ran as administrator. Typed the following:
  export-startlayout -path C:\Users\Public\Master.xml -as xml
  (Master is the name chosen for this test .xml file and was put in a location all users would have privelages to access it).
  5. Opened the command prompt and right clicked and "ran as administrator", typed in gpedit.
  6. In the Local Group Policy under User Configuration, under Start Menu and Taskbar I choose the Start Screen Layout.
  7. Enabled the policy and typed in: C:\Users\Public\Master.xml for the Start Layout File.
  8. Opened computer management, under Local Users and Groups I chose Users, right clicked in the middle screen and created a new user called Alpha.
  9. Logged out of the inital account and logged into newly created Alpha account.
  10. When the Alpha account logged in the start screen came up with everything changed in the inital account but no web based shortcuts were found on the start screen or App view.

• Forwarding Traffic based on Domain name(Google).

  Hello ,
  Please let me know if this is possible.
  I have a asa5520 firewall with 8.2 version.I have two ISP's coming into my firewall for Internet. Currently I am forwarding all my traffic to one of the ISP. I would like to forward only traffic to Google to the second ISP. The reason I am trying to do this is Google reports my primary IP. The message users get is "
  When Google detects that a computer or phone on your network may be sending automated traffic to Google we may show the following message: "Our systems have detected unusual traffic from your computer network." after this message users will have to enter a captcha code.
  This is an intermittent issue. I would like to test it by forwarding only google traffic to my second ISP. I cannot forward all the traffic to my secondary IPS the reason is I am having site to site tunnels going on my default primary route and If I do it all my tunnels would go down.
  Any help regarding this issue or workaround would be appreciated.
  OR if I can actually find an IP/user on my inside network which is generating hight traffic to google which is resulting in entering the captcha code and sometimes opening multiple tabs. or if I can ratelimit to allow fixed number of connections to google.
  Thanks.

  Hello,
  First of all the ASA does not support PBR so thats our first wall.
  There are some tweaks that we could do with NAT but that would be based on the destination IP address. In this case you will be trying to do the NAT based on the FQDN which does not work.
  You will need to determine all of the IP address of google (I know..I know ) and then configure the NAT policies to tweak the Firewall behavior.
  How does this sound to you?
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• Cisco asa traffic flow with destination nat

  Hi Folks,
                     Can anybody comment on the below.
  1.  in source natting (inside users accessing internet), first the NAT will happen then the routing will happen. I agree with this..
  2. in destination natting (outside users accessing inside server on public ip), what will happen first, NATTING or Routing. I am looking forward to hear an explanation.
  regards
  Rajesh

  The ASA will always apply NAT based on the order of the NAT table (which is directly derived from the running configuration), which can be viewed with 'show nat detail'. It takes the packet and walks down the table in order of the entries programmed into the table, looking for the first rule that has a matching interface(s) and matching IP subnets/ports that apply to the packet in question; at that point the NAT translation is applied and further processing stops.
  The NAT phase that you show highlighted reflects the stage where the packet's IP headers in an existing connection are re-written by NAT; it is not the exact phase where the egress interface selection is overridden by the translation table.
  That order of operations slide is really quite simplified, and intentionally missing some steps because I just don't have time to go over the nuances of NAT during the general troubleshooting presentation that the picture was pulled from.  On the next slide titled "Egress Interface", I do explain that NAT can override the global routing table for egress interface selection. This order of operations is somewhat "rough", and there are corner cases that can make the order of operations confusing.
  The confusion here probably stems from the doubt about which comes first when selecting egress interfaces, routing or NAT. Hopefully with my explanation below, you'll have the missing pieces needed to fully explain why you see the seemingly inconsistent behavior. Please let me know what is unclear or contradictory about my explanation and I'll try and clear it up. I would also appreciate your suggestions on how to simply and clearly show these steps on a slide, so that I can improve how we deliver this information to our customers. Anyway, on to the explanation...
  The short answer:
  The NAT divert check (which is what overrides the routing table) is checking to see if there is any NAT rule that specifies destination address translation for an inbound packet arriving on an interface. 
       If there is no rule that explicitly specifies how to translate that packet's destination IP address, then the global routing table is consulted to determine the egress interface.
       If there is a rule that explicitly specifies how to translate the packets destination IP address, then the NAT rule "pulls" the packet to the other interface in the translation and the global routing table is effectively bypassed.
  The longer answer:
  For the moment, ignore the diagram above. For the first packet in the flow arriving inbound on an ASA's interface (TCP SYN packet for example):
  Step 1: un-translate the packet for the Security check: Check the packet's headers for matching NAT rules in the NAT table. If the rules apply to the packet, virtually un-NAT the packet so we can check it against the access policies of the ASA (ACL check).
       Step 1.A: ACL Check: Check the un-translated packet against the interface ACL, if permitted proceed to step 2
  Step 2: Check NAT-divert table for global routing table override: In this step the ASA checks the packet and determines if either of the following statements are true:
       Step 2 check A: Did the packet arrive inbound on an interface that is specified as the global (aka mapped) interface in a NAT translation (this is most common when a packet arrives inbound on the outside interface and matches a mapped ip address or range, and is forwarded to an inside interface)?
     -or-
       Step 2 check B:  Did the packet arrive inbound on an interface that is specified as the local (real) interface in a NAT translation that also has destination IP translation explicitly specified (this is seen in your first example, the case with your NAT exempt configuration for traffic from LAN to WAN bypassing translation)?
       If either of these checks returns true, then the packet is virtually forwarded to the other interface specified in the matching NAT translation line, bypassing the global routing table egress interface lookup; Then, a subsequent interface-specific route lookup is done to determine the next-hop address to forward the packet to.
  Put another way, Step 2 check B checks to see if the packet matches an entry in the NAT divert-table. If it does, then the global routing table is bypassed, and the packet is virtually forwarded to the other (local) interface specified in the nat translation. You can actually see the nat divert-table contents with the command 'show nat divert-table', but don't bother too much with it as it isn't very consumable and might be mis-leading.
  Now lets refer to the specific example you outlined in your post; you said:
  route ISP-1 0.0.0.0 0.0.0.0 1.1.1.1 1
  route ISP-2 0.0.0.0 0.0.0.0 2.2.2.1 254
  nat (LAN,ISP-1) after-auto source dynamic any interface
  nat (LAN,ISP-2) after-auto source dynamic any interface
  Now lets say that there is a connection coming from behind LAN interface with the source IP address 10.10.10.10 destined for 8.8.8.8 on destination port TCP/80. The flow chart would seem to indicate (with the above information/configuration in mind) that a NAT would be done before L3 Route Lookup?
  The packet you describe will not match any nat-divert entries, and the egress interface selection will be performed based on the L3 routing table, which you have tested and confirmed. This is because the packet does not match Step 2 checks A or B.
  It doesn't match Step 2 Check A because the packet did not arrive inbound on the mapped (aka global) interfaces ISP-1 or ISP-2 from the NAT config lines. It arrived inbound on the local (aka real) interface LAN.
  It doesn't match Step 2 Check B because these NAT rules don't have destination IP address translation explicitly configured (unlike your LAN to WAN example)...therefore the ASA won't match a divert-table entry for the packet (actually you'll see a rule in the divert table, but it will have ignore=yes, so it is skipped).
  Message was edited by: Jay Johnston

• CSS Bypassing farm traffic based on matching HTTP header

  Hi,
  I am trying to find out whether the CSS is able to bypass specific traffic.
  I have an existing content to match all HTTP and send to a farm. However, there are some HTTP flows i dont want to goto the farm, i just want CSS to route them onward to the destination. These specific HTTP packets are differentiated by the host field in the header. What config is needed to allow these host annotated packets to bypass the serverfarm?
  Thanks
  Alan

  Hi Gilles,
  Thanks for your response. The only thing you may have misread is that i need to select the host header field, as the URL's may not have host part in them, ie. raw http, not proxied. I guess then i need a header match rule linked to the new content, instead of the URL filter you mentioned.
  BR
  Alan

• Changed source address based on destination IP

  Hello,
  Suppose I had the following configuration in an IOS router
  interface <interface type/number>
   ip address 1.1.1.3 255.255.255.0 secondary
   ip address 1.1.1.2 255.255.255.0
  ip route 0.0.0.0 0.0.0.0 1.1.1.1
  access-list standard INTERNET_BOUND_ACL
   permit <lan subnet-id> <lan wildcard>
  ip nat inside source list INTERNET_BOUND_ACL interface <interface type/number> overload
  I need to change the source inside global IP address based on the destination outside global IP address.
  Example: I need our source IP to be 1.1.1.3 when I ping 8.8.8.8
  How would i accomplish this?

  Hi,
  You would need to use two NAT pools and two different ACLs to separate your internal clients depending on the destination they want to communicate with, and to subsequently NAT them using a selected NAT pool. For example:
  ip access-list extended NAT_2
    permit ip <LAN Network> <Wildcard> <DestinationX> <WildcardX>
  ip access-list extended NAT_3
    permit ip <LAN Network> <Wildcard> <DestinationY> <WildcardY>
  ip nat pool NATPOOL_2 1.1.1.2 1.1.1.2 netmask 255.255.255.0
  ip nat pool NATPOOL_3 1.1.1.3 1.1.1.3 netmask 255.255.255.0
  ip nat inside source list NAT_2 pool NATPOOL_2 overload
  ip nat inside source list NAT_3 pool NATPOOL_3 overload
  Exactly one of the ACLs should actually contain an entry saying
  permit ip <LAN Network> <Wildcard> any
  to make sure that the internal network gets translated to some of the two public addresses even if itt does not communicate with any specific destination IP.
  Do you believe this could be a workable solution for you?
  Best regards,
  Peter

• Route to WSA based on destination

  Dear
  I need to purchase two Iron port box  one for ADSL line and second for Leased Line
  My aim Is when user open busineed site is go through Leased line and when open Un Business Site is go to ADSL
  I need soultion  to achive this ?
  and i can predfine the Business and un business Site  ?

  Hello,
  Unfortunately the WSA cannot control which requests get sent to it, it simply listens for traffic coming to its interface on specific ports (80, 3128, 21, 443). When it comes to specific URLs being routed to one WSA or another it will require that you have a device that can inspect the traffic at Layer 4 (HTTP/HTTPS/FTP) and make a routing decision based on the URI in the HTTP header.
  You could add a 3rd WSA to route the traffic using an upstream proxy configuration. You would use proxy groups and routing policies to match Custom URL categories or predefined URL categories to send to one of the two upstream proxies.
  Other than adding an additional device to route the traffic, you could look into Policy based routing or using multiple WCCP services  (one for each WSA) and creating an ACL to match the business sites IP addresses vs the non-business sites. This could become an issue as most websites use dynamic IP schemes.
  Hope this helps.
  Best Regards,
  Michael Hautekeete
  Customer Support Engineer
  Cisco Content Security - Web Security Appliance
  http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
  https://supportforums.cisco.com/community/netpro/security/web
  https://supportforums.cisco.com/community/feeds?community=2091

• Using OHS to redirect traffic based on intranet or internet URL

  Hello,
  we have a requirement where we have to launch our application on internet. Application is working fine on local intranet URL or internet URL but not working on both at same time.we have application developed with ADF and other fusion components.
  This is the topology we are using here :-
  SPS(secured proxy server to configure internet URL) --> OHS -> Managed server(1,2,3,4)
  We have to setup a URL redirect rule at OHS level where
  ---> if the incoming traffic is from intranet URL application work based on intranet URL's BUT
  -->if the traffic is coming from internet URL, OHS internally take care of URL redirect and work for external users too..
  Summery is, application should work for both internet and intranet URL, but pls note both the URL are different
  like
  intranet- https:\\abcd.intranet.xxx.com\abs\login
  internet - https:\\abcd.xxx.com\abs\login
  could someone pls help me on this and provide your valuable suggestion on how we can achieve this at OHS level...

  Thanks AMN,
  I was able to successfully get the redirect to work with the following Javascript code.
  In the folder: C:\OracleBI\oc4j_bi\j2ee\home\default-web-app
  I created the following OBIEE.html file
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html lang="en,us">
  <HEAD>
  <TITLE>Test OBIEE Redirect Page<TITLE>
  </HEAD>
  <BODY>
  <script type="text/javascript">
  var agent = (navigator.userAgent).toLowerCase();
  var weburl = './analytics/';
  var moburl = './analyticsMobile/';
  var reg_exp = /(ipod|iphone|android|opera mini|blackberry|palm os|palm|hiptop|avantgo|plucker|xiino|blazer|elaine|windows ce; ppc;|windows ce; smartphone;|windows ce; iemobile|up.browser|up.link|mmp|symbian|smartphone|midp|wap|vodafone|o2|pocket|kindle|mobile|pda|psp|treo)/;
  if( reg_exp.test(agent) ) {
       window.location = moburl;
  else {
       window.location = weburl;
  </script>
  </BODY></HTML>
  The javascript gets the USER agent and does a regular expression match to see if its any popular handheld device. If so, it redirects them to the mobile address. Otherwise the user is directed to the standard site.
  All I need to do is pass around the URL:
  http://localhost:9704/OBIEE.html
  And users will be dynamically sent to the correct location.
  Thanks!
  -Joe