Direct Traffic for certain networks to specific route

Discussion in 'Cisco' started by GNY, Mar 30, 2007.

  1. GNY

    GNY Guest

    Hello!

    I have a 2811 where 1 int has an internal IP and the other has a
    public IP. The serial port brings a T1 in.

    I would like certain addresses that are internal to be routed to the
    interface which has a LAN IP.

    Whats the best way to achieve this?

    I tried using serveal ip route methods, but it failed.

    Any ideas?

    Thanks..


    GNY
    GNY, Mar 30, 2007
    #1
    1. Advertising

  2. GNY

    GNY Guest

    Sorry let me be clear .

    I would like certain internal addresses that are sought after on the
    public network0/1 to be routed to the internal interface0/0.
    GNY, Mar 30, 2007
    #2
    1. Advertising

  3. In article <>,
    GNY <> wrote:
    >Sorry let me be clear .


    >I would like certain internal addresses that are sought after on the
    >public network0/1 to be routed to the internal interface0/0.


    Unfortunately that's not quite clear. What's doing the soughting?

    The traffic to be handled this way:
    - where (which segment) does it start on?
    - what destination IP address does it start out with?
    - where (which segment) should it end on?
    - which destination IP address should the packet have when it
    reaches the new destination?
    - should it have changed source IP addresses in the process of
    being redirected?

    Or am I reading this wrong and what you've got is a public IP
    range that is offering some services known to the outside, and
    that's translated at the 2811 into internal IP addresses,
    but sometimes someone inside tries to or wants to or
    (for some obsure reason) really -needs- to access the resource
    using its public IP and those publically-addressed packets are
    normally getting out to the far side of the T1 and being routed
    back in and you want to fix this all so that when the public IPs
    of the internal resources are referenced, that the traffic gets
    turned around at your 2811 instead of having to go all the way out?
    Walter Roberson, Mar 30, 2007
    #3
  4. GNY

    GNY Guest

    On Mar 29, 11:12 pm, (Walter Roberson) wrote:
    > In article <>,
    >
    > GNY <> wrote:
    > >Sorry let me be clear .
    > >I would like certain internal addresses that are sought after on the
    > >public network0/1 to be routed to the internal interface0/0.

    >
    > Unfortunately that's not quite clear. What's doing the soughting?
    >
    > The traffic to be handled this way:
    > - where (which segment) does it start on?
    > - what destination IP address does it start out with?
    > - where (which segment) should it end on?
    > - which destination IP address should the packet have when it
    > reaches the new destination?
    > - should it have changed source IP addresses in the process of
    > being redirected?
    >
    > Or am I reading this wrong and what you've got is a public IP
    > range that is offering some services known to the outside, and
    > that's translated at the 2811 into internal IP addresses,
    > but sometimes someone inside tries to or wants to or
    > (for some obsure reason) really -needs- to access the resource
    > using its public IP and those publically-addressed packets are
    > normally getting out to the far side of the T1 and being routed
    > back in and you want to fix this all so that when the public IPs
    > of the internal resources are referenced, that the traffic gets
    > turned around at your 2811 instead of having to go all the way out?


    Sorry i wasnt clear.. I'll try again ..

    I have 3 interfaces on the 2811.

    s0/0/0= T1
    fe0/0= LAN IP Range
    fe0/1= WAN IP Range

    The services that i want the WAN int to access are on the LAN int
    network.The services are never available on the WAN side; hence why i
    need to force over to LAN. So when i type in 123.456.78.90 it should
    never try to resolve it using the default gateway to the T1 internet;
    it should use the LAN int next hop route immediately. Also hosts
    connected to the WAN int should also be able to get there also.

    Hope this is helps you help me.

    GNY
    GNY, Mar 30, 2007
    #4
  5. On Mar 30, 8:25 am, "GNY" <> wrote:
    > On Mar 29, 11:12 pm, (Walter Roberson) wrote:
    >
    >
    >
    >
    >
    > > In article <>,

    >
    > > GNY <> wrote:
    > > >Sorry let me be clear .
    > > >I would like certain internal addresses that are sought after on the
    > > >public network0/1 to be routed to the internal interface0/0.

    >
    > > Unfortunately that's not quite clear. What's doing the soughting?

    >
    > > The traffic to be handled this way:
    > > - where (which segment) does it start on?
    > > - what destination IP address does it start out with?
    > > - where (which segment) should it end on?
    > > - which destination IP address should the packet have when it
    > > reaches the new destination?
    > > - should it have changed source IP addresses in the process of
    > > being redirected?

    >
    > > Or am I reading this wrong and what you've got is a public IP
    > > range that is offering some services known to the outside, and
    > > that's translated at the 2811 into internal IP addresses,
    > > but sometimes someone inside tries to or wants to or
    > > (for some obsure reason) really -needs- to access the resource
    > > using its public IP and those publically-addressed packets are
    > > normally getting out to the far side of the T1 and being routed
    > > back in and you want to fix this all so that when the public IPs
    > > of the internal resources are referenced, that the traffic gets
    > > turned around at your 2811 instead of having to go all the way out?

    >
    > Sorry i wasnt clear.. I'll try again ..
    >
    > I have 3 interfaces on the 2811.
    >
    > s0/0/0= T1
    > fe0/0= LAN IP Range
    > fe0/1= WAN IP Range
    >
    > The services that i want the WAN int to access are on the LAN int
    > network.The services are never available on the WAN side; hence why i
    > need to force over to LAN. So when i type in 123.456.78.90 it should
    > never try to resolve it using the default gateway to the T1 internet;
    > it should use the LAN int next hop route immediately. Also hosts
    > connected to the WAN int should also be able to get there also.
    >
    > Hope this is helps you help me.
    >
    > GNY- Hide quoted text -
    >
    > - Show quoted text -


    I'm a little confused on what you're trying to do.. but have you
    looked into creating policy routing? You can set based on ACLs,
    traffic to use a certain 'next hop' address or go out a different
    interface.
    You set up a policy, match it against ACLs and set your 'next hop'..
    then apply the policy to the interface that the traffic comes in on,
    such as: int ethernet 0/0; ip policy < route name> in ' .

    If this is what you're looking for, I can help set up policy routes.

    Good luck,
    Aaron
    Mysticmoose06, Mar 30, 2007
    #5
  6. GNY

    GNY Guest

    On Mar 30, 10:21 am, "Mysticmoose06" <> wrote:
    > On Mar 30, 8:25 am, "GNY" <> wrote:
    >
    >
    >
    > > On Mar 29, 11:12 pm, (Walter Roberson) wrote:

    >
    > > > In article <>,

    >
    > > > GNY <> wrote:
    > > > >Sorry let me be clear .
    > > > >I would like certain internal addresses that are sought after on the
    > > > >public network0/1 to be routed to the internal interface0/0.

    >
    > > > Unfortunately that's not quite clear. What's doing the soughting?

    >
    > > > The traffic to be handled this way:
    > > > - where (which segment) does it start on?
    > > > - what destination IP address does it start out with?
    > > > - where (which segment) should it end on?
    > > > - which destination IP address should the packet have when it
    > > > reaches the new destination?
    > > > - should it have changed source IP addresses in the process of
    > > > being redirected?

    >
    > > > Or am I reading this wrong and what you've got is a public IP
    > > > range that is offering some services known to the outside, and
    > > > that's translated at the 2811 into internal IP addresses,
    > > > but sometimes someone inside tries to or wants to or
    > > > (for some obsure reason) really -needs- to access the resource
    > > > using its public IP and those publically-addressed packets are
    > > > normally getting out to the far side of the T1 and being routed
    > > > back in and you want to fix this all so that when the public IPs
    > > > of the internal resources are referenced, that the traffic gets
    > > > turned around at your 2811 instead of having to go all the way out?

    >
    > > Sorry i wasnt clear.. I'll try again ..

    >
    > > I have 3 interfaces on the 2811.

    >
    > > s0/0/0= T1
    > > fe0/0= LAN IP Range
    > > fe0/1= WAN IP Range

    >
    > > The services that i want the WAN int to access are on the LAN int
    > > network.The services are never available on the WAN side; hence why i
    > > need to force over to LAN. So when i type in 123.456.78.90 it should
    > > never try to resolve it using the default gateway to the T1 internet;
    > > it should use the LAN int next hop route immediately. Also hosts
    > > connected to the WAN int should also be able to get there also.

    >
    > > Hope this is helps you help me.

    >
    > > GNY- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > I'm a little confused on what you're trying to do.. but have you
    > looked into creating policy routing? You can set based on ACLs,
    > traffic to use a certain 'next hop' address or go out a different
    > interface.
    > You set up a policy, match it against ACLs and set your 'next hop'..
    > then apply the policy to the interface that the traffic comes in on,
    > such as: int ethernet 0/0; ip policy < route name> in ' .
    >
    > If this is what you're looking for, I can help set up policy routes.
    >
    > Good luck,
    > Aaron


    Policy routing is what i think i need, but I'm also wondering if i
    already have enough setup, but the router at the other end( which i
    dont manage) doesnt have a route back to that router interface.

    so i currently have: ip route 200.xxx.xxx.xxx 255.255.255.0
    192.168.1.1

    Now.. the 200 yes is a public address, but its only available via VPN
    or on the LAN where this server resides. In our case we are plugged
    into the network that is routed to it. The interface that "plugged"
    into it is the 192.168.1.5 ip address. So in this case the router
    knows to route traffic for this ip to that next hop.

    I have another interface, its set as 204.xx.xxx.x and i have hosts
    connected to that interface via a switch. from these hosts i would
    like to connect to this 200.xxx.xxx.xxx network, but i cant.

    the only other route i have setup is the last resort which uses the T1
    next hop gateway to get out to the internet.

    I thought adding the statement: ip route 200.xxx.xxx.xxx 255.255.255.0
    192.168.1.1

    would fix routing for both the 192.168.x.xx and the 204.xx.xxx.x
    interfaces, but its not proving so, unless the end router needs a
    route back to the 204.xx.xxx.x interface. Currently only a route back
    to the 192.168.x.x interface is configured.

    Now do i make some sense?

    haha!

    Thanks for the help eitherway!

    GNY
    GNY, Mar 30, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mimiseh
    Replies:
    3
    Views:
    894
  2. AM
    Replies:
    3
    Views:
    634
  3. Jason
    Replies:
    1
    Views:
    436
    flamer
    May 2, 2008
  4. Replies:
    9
    Views:
    5,050
    Scott Perry
    Aug 7, 2008
  5. Giuen
    Replies:
    0
    Views:
    875
    Giuen
    Sep 12, 2008
Loading...

Share This Page