
Policy Based Routing Example

Created by dave. Last edited by dave, 14 days ago. Viewed 1,081 times. #6
2016-03-22

Example

In this case we have one local network, 172.17.97.0/24, which needs to reach local networks 10.10.10.0/23 and 10.10.12.0/24 over a VPN that is connected to tunnel.43. We are using PBR because we already have a remote partner VPN network using 10.10.10.0/24, which would collide with a plain destination route for the same range. The customer's local network is on local interface redundant2.33.

set vrouter "Public-VR"
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.10.0/23 protocol any entry 1
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.12.0/24 protocol any entry 2
set match-group name Customer-Outbound
set match-group Customer-Outbound ext-acl 25 match-entry 1
set action-group name CustomerVPN
set action-group CustomerVPN next-interface tunnel.43 action-entry 1
set pbr policy name CustomerVPN-PBR
set pbr policy CustomerVPN-PBR match-group Customer-Outbound action-group CustomerVPN 1
exit
set interface redundant2.33 pbr CustomerVPN-PBR
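
An offline check of what the extended ACL above actually steers, added here as an example (Python, not part of the original page and not ScreenOS code). It assumes a packet is sent to the action group's next-interface when any ACL entry matches, models the binding to redundant2.33 by source address only, and uses constructed sample packets.

```python
import ipaddress
import re

# Lines copied from the configuration on this page.
CONFIG = """\
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.10.0/23 protocol any entry 1
set access-list extended 25 src-ip 172.17.97.0/24 dst-ip 10.10.12.0/24 protocol any entry 2
set action-group CustomerVPN next-interface tunnel.43 action-entry 1
"""

ACL_RE = re.compile(
    r"set access-list extended (\d+) src-ip (\S+) dst-ip (\S+) protocol (\S+) entry (\d+)")
NEXT_IF_RE = re.compile(r"set action-group (\S+) next-interface (\S+) action-entry (\d+)")


def parse_acl(config):
    """Return ACL entries as (entry_no, src_net, dst_net), sorted by entry number."""
    entries = []
    for m in ACL_RE.finditer(config):
        entries.append((int(m.group(5)),
                        ipaddress.ip_network(m.group(2)),
                        ipaddress.ip_network(m.group(3))))
    return sorted(entries)


def pbr_next_interface(config, src, dst):
    """Return the PBR next-interface for a packet, or None if no ACL entry matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    next_if = NEXT_IF_RE.search(config).group(2)
    for _, src_net, dst_net in parse_acl(config):
        if src_ip in src_net and dst_ip in dst_net:
            return next_if
    return None


def overlapping_entries(config, other_prefix):
    """Entry numbers whose destination overlaps another known prefix."""
    other = ipaddress.ip_network(other_prefix)
    return [n for n, _, dst in parse_acl(config) if dst.overlaps(other)]


if __name__ == "__main__":
    # Constructed sample packets; 192.168.50.10 is a hypothetical non-customer host.
    for src, dst in [("172.17.97.20", "10.10.11.5"),
                     ("172.17.97.20", "10.10.12.9"),
                     ("192.168.50.10", "10.10.10.5")]:
        print(src, "->", dst, ":", pbr_next_interface(CONFIG, src, dst))
    print("entries overlapping partner 10.10.10.0/24:",
          overlapping_entries(CONFIG, "10.10.10.0/24"))
```

Only entry 1 overlaps the partner's 10.10.10.0/24, and only packets sourced from 172.17.97.0/24 are steered into tunnel.43; any other source gets `None` here, meaning the PBR policy does not apply to it.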