Posted by Mysticmoose06 on March 30, 2007, 10:21 am
> On Mar 29, 11:12 pm, rober...@hushmail.com (Walter Roberson) wrote:
>
> > >Sorry, let me be clear.
> > >I would like certain internal addresses that are sought after on the
> > >public network0/1 to be routed to the internal interface0/0.
>
> > Unfortunately that's not quite clear. What's doing the soughting?
>
> > The traffic to be handled this way:
> > - where (which segment) does it start on?
> > - what destination IP address does it start out with?
> > - where (which segment) should it end on?
> > - which destination IP address should the packet have when it
> > reaches the new destination?
> > - should it have changed source IP addresses in the process of
> > being redirected?
>
> > Or am I reading this wrong and what you've got is a public IP
> > range that is offering some services known to the outside, and
> > that's translated at the 2811 into internal IP addresses,
> > but sometimes someone inside tries to or wants to or
> > (for some obscure reason) really -needs- to access the resource
> > using its public IP and those publicly-addressed packets are
> > normally getting out to the far side of the T1 and being routed
> > back in and you want to fix this all so that when the public IPs
> > of the internal resources are referenced, that the traffic gets
> > turned around at your 2811 instead of having to go all the way out?
>
> Sorry, I wasn't clear. I'll try again.
>
> I have 3 interfaces on the 2811.
>
> s0/0/0= T1
> fe0/0= LAN IP Range
> fe0/1= WAN IP Range
>
> The services that I want the WAN int to access are on the LAN int
> network. The services are never available on the WAN side; hence why I
> need to force over to LAN. So when I type in 123.456.78.90 it should
> never try to resolve it using the default gateway to the T1 internet;
> it should use the LAN int next hop route immediately. Also, hosts
> connected to the WAN int should be able to get there also.
>
> Hope this helps you help me.
>
> GNY
I'm a little confused about what you're trying to do, but have you
looked into creating policy routing? You can set, based on ACLs,
traffic to use a certain 'next hop' address or go out a different
interface.
You set up a policy, match it against ACLs and set your 'next hop',
then apply the policy to the interface that the traffic comes in on,
such as: 'int ethernet 0/0; ip policy <route name> in'.
If this is what you're looking for, I can help set up policy routes.
Good luck,
Aaron
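
Added example, not part of Aaron's post: the steps he describes (ACL, policy, next hop, apply to the inbound interface) written out as an IOS configuration sketch. The service address 192.0.2.90, the LAN next hop 10.0.0.2 and the names PBR-LAN-SERVICES and FORCE-LAN are constructed placeholders; FastEthernet0/1 is the thread's "fe0/1" WAN-range interface.

```cisco
! Constructed example: all addresses and names are placeholders.
!
! 1. ACL that selects only the traffic to be redirected.
!    Keep it to the specific service addresses so nothing else
!    is pulled off its normal routed path.
ip access-list extended PBR-LAN-SERVICES
 permit ip any host 192.0.2.90
!
! 2. Route-map (the "policy"): match the ACL, set the next hop.
!    The next hop must be a directly connected neighbour, here
!    assumed to sit on the fe0/0 LAN segment.
route-map FORCE-LAN permit 10
 match ip address PBR-LAN-SERVICES
 set ip next-hop 10.0.0.2
!
! 3. Apply the policy on the interface the traffic ARRIVES on.
!    Packets that match no route-map entry are forwarded by the
!    ordinary routing table (default route to the T1 included).
interface FastEthernet0/1
 ip policy route-map FORCE-LAN
!
! 4. An interface policy does not cover packets the router itself
!    originates (for example a ping typed at the router prompt);
!    those need a local policy.
ip local policy route-map FORCE-LAN
```

After applying it, "show ip policy" lists which route-map is bound where, and the match counters in "show route-map FORCE-LAN" show whether the ACL is actually catching the intended packets.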