This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

static routes

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

static routes

FlexyZ
L3 Networker

‎03-30-2012 04:01 PM

Hi

I have 4 interfaces;

eth1/1 = sub1 -> 10.10.1.1/24

eth1/2 = sub2 -> 10.10.2/1/24

eth1/3 = mpls -> 10.10.3/1/24

eth1/8 = wan -> x.y.z.w

default router on all interfaces

but now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and 0.0.0.0/0 on sub2 over the wan (x.y.z.w)

sub2 still needs access to sub1 and sub2 to sub1

Does it makes sense and how can I do this?

Thanks

0 Likes Likes
6 REPLIES 6

mikand
L6 Presenter

‎03-30-2012 04:14 PM

I think you basically have 2 options:

1) Setup one VROUTER (not VSYS) for sub1 and another VROUTER for sub2.

VROUTER_sub1:
default route 0.0.0.0/0 nexthop 10.10.3.<whatever_ip_nexthop_is_on_mpls>

VROUTER_sub2:
default route 0.0.0.0/0 nexthop x.y.z.w

and then tell PA to route between the VROUTERS (I think I have seen a doc regarding this, not sure if VSYS is needed for this or not).

2) Or use PBF (Policy Based Forwarding) where you setup something like:

VROUTER_default:
default route 0.0.0.0/0 nexthop x.y.z.w

PBF_sub1
srczone: sub1
source address: 10.10.1.0/24 (or set to any)
source user: any
destination address: 10.10.3.<whatever_ip_nexthop_is_on_mpls>
action: forward (mpls_interface)

This way you have wan as default route except for stuff arriving at sub1 who will be forced into using the mpls interface as egress.

0 Likes Likes

FlexyZ
L3 Networker
In response to mikand

‎03-30-2012 04:21 PM

Thanks - let me try that, where do I find PBF?

0 Likes Likes

FlexyZ
L3 Networker
In response to FlexyZ

‎03-30-2012 04:24 PM

sorry found it Smiley Happy

0 Likes Likes

mikand
L6 Presenter
In response to FlexyZ

‎03-30-2012 04:24 PM

The document I was refering to in 1) above was obviously the admin guide itself 🙂

This is what you would need to do:

VROUTER_sub1:
default route 0.0.0.0/0 nexthop 10.10.3.<whatever_ip_nexthop_is_on_mpls>

10.10.2.0/24 nexthop NEXTVR:VROUTER_sub2

VROUTER_sub2:
default route 0.0.0.0/0 nexthop x.y.z.w

10.10.1.0/24 nexthop NEXTVR:VROUTER_sub1

Check page 109-110 in the PA-4.1_Administrators_Guide.pdf for more information.

Regarding PBF you will find the info in the same admin guide as above but on page 141-143.

The PBF is found in Policies -> Policy Based Forwarding in the GUI.

0 Likes Likes

FlexyZ
L3 Networker
In response to mikand

‎03-30-2012 05:00 PM

Thanks I am trying the PBF, and it works for the 0.0.0.0/0 over the MPLS, but I can't get routing to sub2 (10.10.2.0) as it routed over the mpls - I will try another PBF above the 0.0.0.0

0 Likes Likes

FlexyZ
L3 Networker
In response to FlexyZ

‎03-31-2012 04:27 PM

Thanks all, got it working with one PBF with destination as !LAN Smiley Happy

0 Likes Likes
  • 3348 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks