From: Djerk Geurts (djerk@djerk.nl)
Date: Tue Aug 07 2007 - 03:30:06 ART
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Radioactive Frog
>
> Hi Gang,
>
> The application is Internet / web browsing:
>
> I have got 4 subnets:
>
> 200.200.1.0/24
> 200.200.2.0/24
> 200.200.3.0/24
> 200.200.4.0/24
> port-80,443,25,110
> /----|HTTP-Filter|---\
> / Appliance \
> | |
> LAN1-----|Router|---|
> ///////////////////////////|---------|Router2|--------------{{{{ Internet Backbone }}}
> ------Customer------
> <----------------ISP---------------
>
>
> How can I put the route map and only put traffic of port 80 and 21/25
> through "HTTP-filter box" ?
> Non filter traffic should go direct router1 to router2 (e.g. other than port
> 80 and 21/25).
PBR: match by (L4) ACL and set next-hop
Or use WCCP (Web Caching Control Protocol) to redirect based on (L4) ACL
> I guess, we can use standard route-map with L4 ACL's ??
Yes (or use WCCP if your appliance supports it)
> Can someone give an example?
# PBR :
interface <XYZ> <123>
 description *** ingress or LAN interface ***
 ! apply the route-map (not the ACL) by its name, as defined below
 ip policy route-map PBR-WEB-REDIR
!
ip access-list extended ACL-DEST-REDIR
 permit tcp 200.200.1.0 0.0.0.255 any eq www 443 ftp smtp
 ! wildcard 0.0.1.255 covers both 200.200.2.0/24 and 200.200.3.0/24
 permit tcp 200.200.2.0 0.0.1.255 any eq www 443 ftp smtp
 permit tcp 200.200.4.0 0.0.0.255 any eq www 443 ftp smtp
!
route-map PBR-WEB-REDIR permit 10
 match ip address ACL-DEST-REDIR
 set ip next-hop 1.2.3.4
!
! empty permit clause: all other traffic follows the normal routing table
route-map PBR-WEB-REDIR permit 20
# WCCP
! enable the web-cache service globally
ip wccp web-cache
!
interface <XYZ> <123>
 description *** ingress or LAN interface ***
 ! The WCCP appliance will configure the router
 ! on what traffic may be forwarded to it
 ip wccp web-cache redirect in
Djerk
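
Added example (not part of the original posts): a small Python check that evaluates the ACL from the reply above against sample flows, showing which traffic the route-map would send to the filter at 1.2.3.4 and which follows normal routing. It assumes only the ACE form used on this page; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the reply above.
ACL_TEXT = """\
permit tcp 200.200.1.0 0.0.0.255 any eq www 443 ftp smtp
permit tcp 200.200.2.0 0.0.1.255 any eq www 443 ftp smtp
permit tcp 200.200.4.0 0.0.0.255 any eq www 443 ftp smtp
"""
# IOS port keywords used on this page, mapped to their well-known numbers.
PORT_NAMES = {"www": 80, "ftp": 21, "smtp": 25}
FILTER_NEXT_HOP = "1.2.3.4"  # 'set ip next-hop' value from the reply


def parse_ace(line):
    """Parse 'permit tcp <src> <wildcard> any eq <ports...>' into a tuple."""
    tok = line.split()
    if tok[:2] != ["permit", "tcp"] or tok[4:6] != ["any", "eq"]:
        raise ValueError(f"unsupported ACE form: {line!r}")
    base = int(ipaddress.IPv4Address(tok[2]))
    wildcard = int(ipaddress.IPv4Address(tok[3]))
    ports = {PORT_NAMES[p] if p in PORT_NAMES else int(p) for p in tok[6:]}
    return base, wildcard, ports


ACES = [parse_ace(line) for line in ACL_TEXT.splitlines() if line.strip()]


def acl_permits(src_ip, dst_port):
    """True if a TCP flow matches any ACE; wildcard bits set to 1 are ignored."""
    src = int(ipaddress.IPv4Address(src_ip))
    for base, wildcard, ports in ACES:
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (base & care) and dst_port in ports:
            return True
    return False


def next_hop(src_ip, dst_port):
    """Route-map seq 10 sets the filter next-hop; anything else routes normally."""
    return FILTER_NEXT_HOP if acl_permits(src_ip, dst_port) else "routing-table"


if __name__ == "__main__":
    # Constructed sample flows (source address, TCP destination port).
    for flow in [("200.200.1.10", 80), ("200.200.3.7", 443),
                 ("200.200.4.9", 25), ("200.200.1.10", 110),
                 ("200.200.1.10", 8080), ("200.200.5.1", 80)]:
        print(flow, "->", next_hop(*flow))
```

The 0.0.1.255 wildcard picks up 200.200.3.0/24 without its own entry, while port 110 from the diagram and web traffic on other ports such as 8080 are not matched and go around the filter.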