Home > Archive > CCNP > April 2002 > Firewall/3660 Router





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Firewall/3660 Router
chad_tech

2002-04-19, 5:23 pm

I wasn't sure what form to post this question on, so I made an educated guess. I appreciate the time that anyone would take to reply!

I have been implimenting Microsoft's ISA server for firewall/proxy solution for my company. We have a cisco 3660 router with 4 interfaces (10.0.10.x, 10.0.11.x, 10.0.12.x, 10.0.13.x) Subnet is class C.

The gateway of last resort is set to the internal ip of our cable modem 10.0.13.253.

I have to make sure that everyone is using the ISA server, so the solution I came up with was to set the gateway of last resort to the internal ip address of the ISA server.

My problem is that I don't want the 10.0.13.x interface/subnet to uset he ISA server. I would like the gateway of last resort to be set to the internal address of our cable modem.

Is there a way to make a particular interface on a router use a differnt gateway of last resort? Is there an easier solution?


If my description of the problem is not good enough, please let me know.

Thanks in advance!

Chad Forster
Yankee

2002-04-19, 7:43 pm

Can't do what you describe to my knowledge but without pondering this too long or hard my guess would be Policy Routing might be your only answer. Basically I think you could say traffic from the 10.0.13.x network not bound for any of your other local networks go "here". Usually "here" is an interface but I'm thinking there is a way to do what you want and I'll let the other smater techs correct me or be more precise as to what you have to do.

Yankee
yataozhu

2002-04-20, 8:30 am

! route-map to set the DF to cable-modem
router-map SET-DF permit 10
match ip address 5
set ip default next-hop 10.0.13.253

! Only those match access-list 5 will be set
access-list 5 permit 10.0.13.0 0.0.0.255

! apply route-map to the interface
int e4 (with 10.0.13.x)
ip policy route-map SET-DF

! other traffic will use this
ip route 0.0.0.0 0.0.0.0 <ISA address>


Hope this helps.

Yatao
chad_tech

2002-04-20, 12:45 pm

Thanks so much for the replies, I really appreciate it. I will do more research on policy routing early next week.

Thanks Again!

Chad
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net