Thanks for the hint. Turned out that I had a mis-config on the SRX. The data is flowing.
Joshua Sanders Asst. Vice President - Systems Operations Western Mutual Insurance Group 26775 Malibu Hills Road Suite 100 Calabasas, CA 91301 Main Line: 800-927-2142 [email protected] From: "Summers, William" <[email protected]> To: "Enterasys Customer Mailing List" <[email protected]> Cc: "[email protected]" <[email protected]> Date: 09/25/2014 02:30 PM Subject: RE: [enterasys] Policy Based Routing ?Looking at this a little closer Joshua, I think you really want the policy route on the SRX, attached to 192.168.1.1 interface. If what you want is to send all traffic from 192.168.1.17 to 10.5.1.5. Nice text diagram by the way....that must have taken some time. William Summers Network Administrator Deerfield Academy Tel. 413.774.1838 ________________________________ From: [email protected] <[email protected]> Sent: Thursday, September 25, 2014 5:11 PM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Policy Based Routing Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my network to it's knees. :) Wish me luck! Joshua Sanders Asst. Vice President - Systems Operations Western Mutual Insurance Group 26775 Malibu Hills Road Suite 100 Calabasas, CA 91301 Main Line: 800-927-2142 [email protected] From: "Summers, William" <[email protected]> To: "Enterasys Customer Mailing List" <[email protected]> Date: 09/25/2014 01:50 PM Subject: RE: [enterasys] Policy Based Routing ________________________________ Hi Joshua, The usual way to do this is to match only the client you want to apply the policy route to, and let the default do the work for all the rest. So you can drop access list 20 and that policy. I think you also want default-next-hop (which will honor the route table for connected/local subnets) instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match. SO, you only need: route-map 100 permit 10 match ip address 10 set default-next-hop 10.5.1.5 ! interface vlan 100 ip policy route-map 100 ? I'm using an S-Series, so check your command paths. William Summers Network Administrator Deerfield Academy Tel. 413.774.1838 ________________________________ From: [email protected] <[email protected]> Sent: Thursday, September 25, 2014 4:27 PM To: Enterasys Customer Mailing List Subject: [enterasys] Policy Based Routing I'm trying to configure a policy based route to override the default route that is currently in place on my N7 running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing? ! access-list 10 permit host 192.168.1.17 access-list 20 permit any ! route-map 100 permit 10 match ip address 10 set next-hop 10.5.1.5 ! route-map 100 permit 20 match ip address 20 set next-hop 192.168.37.1 ! interface vlan 100 ip policy route-map 100 +---------------------+ |Scary Internet | | Cloud | +----------+---------+ | | | |1.1.1.1 +--------+----------+ +--+ | | | | | | +------+ Server | SRX240 +------------------------+------+ 192.168.1.17 | |192.168.1.1 +--------+----------+ |192.168.37.1 | | | |Vlan 100 |192.168.37.2 +--------+----------+ | | |Enterasys | +----------------------+ |N7 |10.5.1.1 10.5.1.5| | | +----------------------------------+ Cisco 3845 | | |Vlan 5 | | +--------------------+ +----------------------+ Joshua Sanders Asst. Vice President - Systems Operations Western Mutual Insurance Group 26775 Malibu Hills Road Suite 100 Calabasas, CA 91301 Main Line: 800-927-2142 [email protected] * --To unsubscribe from enterasys, send email to [email protected]< mailto:[email protected]> with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] * --To unsubscribe from enterasys, send email to [email protected]< mailto:[email protected]> with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
