For When You Can't Have The Real Thing

Policy Based Routing Example

Created by dave. Last edited by dave, one year and 309 days ago. Viewed 1,877 times. #6
2016-03-22

Example

In this case we have one local network, 172.17.97.0/24, which needs to reach local networks 10.10.10.0/23 and 10.10.12.0/24 over a VPN, which is connected to tunnel.43. We are using PBR because we already have a remote partner VPN network using 10.10.10.0/24, which would collide with a destination-based route for 10.10.10.0/23; the PBR policy matches on source address as well as destination, so only the customer's traffic is sent to tunnel.43. The customer's local network is on local interface redundant2.33.

set vrouter "Public-VR"
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.10.0/23 protocol any entry 1
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.12.0/24 protocol any entry 2
set match-group name Customer-Outbound
set match-group Customer-Outbound ext-acl 25 match-entry 1
set action-group name CustomerVPN
set action-group CustomerVPN next-interface tunnel.43 action-entry 1
set pbr policy name CustomerVPN-PBR
set pbr policy CustomerVPN-PBR match-group Customer-Outbound action-group CustomerVPN 1
exit
set interface redundant2.33 pbr CustomerVPN-PBR
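
To check which flows the policy above actually steers into tunnel.43 and which fall through to the normal route table (where the partner's 10.10.10.0/24 lives), here is an added Python example that is not part of the original page. It is a simplified model of PBR matching, not ScreenOS itself; the function names are hypothetical, and it assumes one match-group and one action-group per policy, as in the configuration on this page.

```python
import ipaddress
import re

# The configuration from this page (vrouter context, name and exit lines omitted).
CONFIG = """\
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.10.0/23 protocol any entry 1
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.12.0/24 protocol any entry 2
set match-group Customer-Outbound ext-acl 25 match-entry 1
set action-group CustomerVPN next-interface tunnel.43 action-entry 1
set pbr policy CustomerVPN-PBR match-group Customer-Outbound action-group CustomerVPN 1
set interface redundant2.33 pbr CustomerVPN-PBR
"""

ACL_RE = re.compile(r"set access-list extended (\d+) src-ip (\S+) dst-ip (\S+) protocol any entry \d+")
MATCH_RE = re.compile(r"set match-group (\S+) ext-acl (\d+) match-entry \d+")
ACTION_RE = re.compile(r"set action-group (\S+) next-interface (\S+) action-entry \d+")
POLICY_RE = re.compile(r"set pbr policy (\S+) match-group (\S+) action-group (\S+) \d+")
BIND_RE = re.compile(r"set interface (\S+) pbr (\S+)")

def parse(config):
    """Collect ACL entries, match-groups, action-groups, policies and interface bindings."""
    acls, groups, actions, policies, binds = {}, {}, {}, {}, {}
    for line in config.splitlines():
        if m := ACL_RE.fullmatch(line):
            acls.setdefault(m[1], []).append((ipaddress.ip_network(m[2]), ipaddress.ip_network(m[3])))
        elif m := MATCH_RE.fullmatch(line):
            groups.setdefault(m[1], []).append(m[2])
        elif m := ACTION_RE.fullmatch(line):
            actions[m[1]] = m[2]
        elif m := POLICY_RE.fullmatch(line):
            policies[m[1]] = (m[2], m[3])
        elif m := BIND_RE.fullmatch(line):
            binds[m[1]] = m[2]
    return acls, groups, actions, policies, binds

def egress(config, in_iface, src, dst):
    """Return the PBR next-interface, or None when the packet falls through to the route table."""
    acls, groups, actions, policies, binds = parse(config)
    policy = binds.get(in_iface)
    if policy is None:  # no PBR policy bound to the ingress interface
        return None
    group, action = policies[policy]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl in groups[group]:
        if any(s in src_net and d in dst_net for src_net, dst_net in acls[acl]):
            return actions[action]
    return None
```

A `None` result means the packet is left to ordinary destination routing, which is the behaviour wanted for every source other than 172.17.97.0/24.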
This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.
