Policy Based Routing Example
2016-03-22
Example
In this case we have one local network 172.17.97.0/24, which needs to reach local networks 10.10.10.0/23 and 10.10.12.0/24 over a VPN, which is connected to tunnel.43. We are using PBR because we already have a remote partner VPN network using 10.10.10.0/24, which would collide. The Customer's local network is on local interface redundant2.33.set vrouter "Public-VR" set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.10.0/23 protocol any entry 1 set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.12.0/24 protocol any entry 2 set match-group name Customer-Outbound set match-group Customer-Outbound ext-acl 25 match-entry 1 set action-group name CustomerVPN set action-group CustomerVPN next-interface tunnel.43 action-entry 1 set pbr policy name CustomerVPN-PBR set pbr policy CustomerVPN-PBR match-group Customer-Outbound action-group CustomerVPN 1 exit set interface redundant2.33 pbr CustomerVPN-PBR
no comments |
post comment
Virtual Dave Megaplex:
Home Page- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
nmap- Seconds Since Epoch to Local Time
- Link Monitor
- DH group to OAKLEY_GROUP table
- Fire Eater
- start
- FortiClient Error Codes
- Scan For Newly Added Disk
- dhparams Generation
- SSL Certificate Bundles
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- DH Selection For IPsec VPNs
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
- 1991
- Custom '77 Dodge Van
- Bone Shaker
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.