  1. DevilWAH
    #1

    PBR and NAT on same device

    I forget the order to do this in.

    Suppose I have a router with two external interfaces and one internal.

    One ISP is sending traffic to interface A on the outside and I am NATting this to the 192.168.0.1/24 network inside.

    I want traffic coming from 192.168.0.1 to be routed back out of interface A, but I can tell where it is going to, I can only do source-based policy routing (traffic from 192.168.0.1 to anywhere, send out interface A). Traffic from anywhere else should go out via interface B.

    But policy-based routing is applied on the incoming interface, so it would normally be applied to the internal interface. But how does this play with NAT?

  2. Senior Member
    #2
    Originally Posted by DevilWAH
    I forget the order to do this in.

    Suppose I have a router with two external interfaces and one internal.

    One ISP is sending traffic to interface A on the outside and I am NATting this to the 192.168.0.1/24 network inside.

    I want traffic coming from 192.168.0.1 to be routed back out of interface A, but I can tell where it is going to, I can only do source-based policy routing (traffic from 192.168.0.1 to anywhere, send out interface A). Traffic from anywhere else should go out via interface B.

    But policy-based routing is applied on the incoming interface, so it would normally be applied to the internal interface. But how does this play with NAT?
    The PBR should be processed before NAT, so on your internal interface you would just allow 192.168.0.1/24 out to interface A and everything else would go B. Am I missing something there?
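The setup discussed in this thread, sketched as a Cisco IOS configuration (an added example, not posted by either participant, and assuming the router runs Cisco IOS). Interface names, the static NAT public address and both ISP next-hop addresses are constructed placeholders; the thread only names interface A, interface B and 192.168.0.1/24.

```cisco
! Added example: interface names and all public / next-hop addresses are
! constructed placeholders (RFC 5737 documentation ranges).
!
! Static NAT for the inside host that ISP A delivers traffic to
ip nat inside source static 192.168.0.1 203.0.113.10
!
! For inside-to-outside traffic, policy routing is evaluated on the
! inside interface before NAT, so this ACL matches the private
! (pre-NAT) source address, not 203.0.113.10.
ip access-list extended PBR-VIA-A
 permit ip 192.168.0.0 0.0.0.255 any
!
route-map PBR-INSIDE permit 10
 match ip address PBR-VIA-A
 set ip next-hop 203.0.113.1
! No further entries: traffic that matches nothing is routed normally.
!
interface GigabitEthernet0/0
 description Interface A (ISP A)
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description Interface B (ISP B)
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/2
 description Inside LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip policy route-map PBR-INSIDE
!
! Sources not matched by the route-map follow the routing table out B
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Verify from exec mode:
!  show route-map PBR-INSIDE     (policy match counters increment)
!  show ip policy                (route-map bound to the inside interface)
!  show ip nat translations      (192.168.0.1 <-> 203.0.113.10)
```

If the route-map ACL were written against the translated address instead, it would never match, because the packet still carries its private source when PBR runs.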
