static routes

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

static routes

L3 Networker

Hi

I have 4 interfaces;

eth1/1 = sub1 -> 10.10.1.1/24

eth1/2 = sub2 -> 10.10.2/1/24

eth1/3 = mpls -> 10.10.3/1/24

eth1/8 = wan -> x.y.z.w

default router on all interfaces

but now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and 0.0.0.0/0 on sub2 over the wan (x.y.z.w)

sub2 still needs access to sub1 and sub2 to sub1

Does it makes sense and how can I do this?

Thanks

6 REPLIES 6

L6 Presenter

I think you basically have 2 options:

1) Setup one VROUTER (not VSYS) for sub1 and another VROUTER for sub2.

VROUTER_sub1:
default route 0.0.0.0/0 nexthop 10.10.3.<whatever_ip_nexthop_is_on_mpls>

VROUTER_sub2:
default route 0.0.0.0/0 nexthop x.y.z.w

and then tell PA to route between the VROUTERS (I think I have seen a doc regarding this, not sure if VSYS is needed for this or not).

2) Or use PBF (Policy Based Forwarding) where you setup something like:

VROUTER_default:
default route 0.0.0.0/0 nexthop x.y.z.w

PBF_sub1
srczone: sub1
source address: 10.10.1.0/24 (or set to any)
source user: any
destination address: 10.10.3.<whatever_ip_nexthop_is_on_mpls>
action: forward (mpls_interface)

This way you have wan as default route except for stuff arriving at sub1 who will be forced into using the mpls interface as egress.

Thanks - let me try that, where do I find PBF?

sorry found it Smiley Happy

The document I was refering to in 1) above was obviously the admin guide itself 🙂

This is what you would need to do:

VROUTER_sub1:
default route 0.0.0.0/0 nexthop 10.10.3.<whatever_ip_nexthop_is_on_mpls>

10.10.2.0/24 nexthop NEXTVR:VROUTER_sub2

VROUTER_sub2:
default route 0.0.0.0/0 nexthop x.y.z.w

10.10.1.0/24 nexthop NEXTVR:VROUTER_sub1

Check page 109-110 in the PA-4.1_Administrators_Guide.pdf for more information.

Regarding PBF you will find the info in the same admin guide as above but on page 141-143.

The PBF is found in Policies -> Policy Based Forwarding in the GUI.

Thanks I am trying the PBF, and it works for the 0.0.0.0/0 over the MPLS, but I can't get routing to sub2 (10.10.2.0) as it routed over the mpls - I will try another PBF above the 0.0.0.0

Thanks all, got it working with one PBF with destination as !LAN Smiley Happy

  • 3370 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!