Cisco routing help
Discussion
Morning,
Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
agent006 said:
Morning,
Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
I don't really understand the question. If you're doing something complicated on a Cisco device, the chances are you could do it a simpler/better way. Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
Could you explain further? I can't work out if you're trying to get the firewall to issue an ICMP redirect or route (neither of which it'll do) or tell the router to go against the settings on the local interface with a static route(which it won't do either).
I'm trying to send a small part of our external address range to a different destination to the rest of the range.
We have a new firewall that we need to test, but need to do it alongside the existing one.
I have a feeling this may be a bit too complex to explain without revealing more about our actual addressing scheme than i'm allowed to.
We have a new firewall that we need to test, but need to do it alongside the existing one.
I have a feeling this may be a bit too complex to explain without revealing more about our actual addressing scheme than i'm allowed to.
agent006 said:
I'm trying to send a small part of our external address range to a different destination to the rest of the range.
We have a new firewall that we need to test, but need to do it alongside the existing one.
I have a feeling this may be a bit too complex to explain without revealing more about our actual addressing scheme than i'm allowed to.
OK, then I'll let you do the homework. We have a new firewall that we need to test, but need to do it alongside the existing one.
I have a feeling this may be a bit too complex to explain without revealing more about our actual addressing scheme than i'm allowed to.
I've done something similar previously using policy based routing - http://www.cisco.com/en/US/tech/tk365/technologies...
Also make sure you've specified classless IP routing.
You can also change the administrative distance for connected networks to make it less desirable than your statics if you really have to (which I can't tell without more info).
D
Cheers for that. I'll have a read tomorrow morning. Sorry for being a bit vague, but my main problem is that i've inherited this config and it's rather strange in places which make changes like this more tricky than they should be. I'll post up more address range detail tomorrow too.
agent006 said:
Cheers for that. I'll have a read tomorrow morning. Sorry for being a bit vague, but my main problem is that i've inherited this config and it's rather strange in places which make changes like this more tricky than they should be. I'll post up more address range detail tomorrow too.
Ok - my current theory is that your routing table will have 2 entries; one for the connected network due to the IP and mask of the IP address assigned to the router and then your statics. The router will be choosing the connected network as it'll have a lower administrative cost than the static route so ignoring your attempts to change the routing.
Policy based routing is applied on interface ingress, so it could be useful in your environment to work around that.
agent006 said:
Morning,
Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
Diagrams are worth a thousand words.Having a spot of bother getting our Cisco router to well, er, route.
We have an external class c address. All fine and dandy, but we need to make a change to route part of it to another internal address.
For the sake of security let's use 192.168.1.0 as an example.
Existing firewall is .65
Router is .66
Currently everything is routed to .65, but we want .224 (subnetted to 255.255.255.240) to go to another address. Tried adding a new route but whatever i do it doesn't work.
Anyone got any clues?
If I understand what you are saying, you have a subnet outside that you route everything to, you have a subnet inside wich is in the range of the outside subnet but sits inside, is this on a VLAN internally?
How are you writing the route statement?
you will need to reverse the subnet, so, if it is simple it should read something like this:-
ip route 192.168.1.0 0.0.0.15 e0
You will also need to summarise the outside address to not include the internal address otherwise the router will not get to the second route, all traffic will be forwarded as it will hit the first routing statement.
However, it would be easier if you had a routing switch, set your routes up to the internal network as you want and have a gateway of last resort pointing to the router, you will want to use VLANs doing it this way.
Without a diagram I am guessing, but it is not hard to do.
All the best.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff