Help! Routing to an IP Address based on Source IP Address


  • Help! Routing to an IP Address based on Source IP Address

    This isn't a VPN question, just routing.
    OK here's my situation, this is a good one...

    My company is a group of banks. End users at these different banks access a federal banking website (171.203.0.2). They access the Internet through the centralized datacenter, not locally.

    To access the website, the federal bank requires that each bank go through a separate VPN device that sets up a secure IPSec tunnel to the website. The INTERNAL IP addresses of those VPN devices are as follows:

    VPN_BankA: 172.16.5.215
    VPN_BankB: 172.16.5.216
    VPN_BankC: 172.16.5.217
    VPN_BankD: 172.16.5.218
    VPN_BankE: 172.16.5.219
    VPN_BankF: 172.16.5.220
    VPN_BankG: 172.16.5.221

    Each bank has its own subnet, like so:

    BankA: 10.32.0.0/16
    BankB: 10.33.0.0/16
    BankC: 10.34.0.0/16
    BankD: 10.35.0.0/16
    BankE: 10.36.0.0/16
    BankF: 10.37.0.0/16
    BankG: 10.38.0.0/16

    SO....the goal is to route the packets going to the website (171.203.0.2) to the right VPN device based on the subnet the packet is coming from. I also need to preserve the source and destination IPs in the packet (no NATing).

    This can probably get done with some policy based routing but I'm not that smart, you guys are. Help a brother!

    Thanks,
    Arrie

  • #2
    Re: Help! Routing to an IP Address based on Source IP Address

    Here's an unorthodox suggestion (so maybe you'll want to ignore it):

    You could put an ACL on each VPN interface that blocks traffic except from devices on the appropriate subnet. In a strange way this is accomplishing the task from the opposite direction. Instead of allowing (routing) traffic from each subnet to the appropriate VPN you are denying traffic from all devices except those on the appropriate subnet.



    • #3
      Re: Help! Routing to an IP Address based on Source IP Address

      Yes, PBR - policy based routing, should do the trick...

      create a route map
      use multiple match & set statements

      see the config steps & info
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com
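
A sketch of the route map suggested in #3, added here as an example and not part of the thread. It assumes Cisco IOS syntax and that each VPN device is a directly reachable next hop from the router; the ACL numbers, the route-map name FED-VPN and the interface GigabitEthernet0/1 are hypothetical.

```cisco
! One extended ACL per bank: source subnet -> the federal site only
access-list 101 permit ip 10.32.0.0 0.0.255.255 host 171.203.0.2
access-list 102 permit ip 10.33.0.0 0.0.255.255 host 171.203.0.2
access-list 103 permit ip 10.34.0.0 0.0.255.255 host 171.203.0.2
access-list 104 permit ip 10.35.0.0 0.0.255.255 host 171.203.0.2
access-list 105 permit ip 10.36.0.0 0.0.255.255 host 171.203.0.2
access-list 106 permit ip 10.37.0.0 0.0.255.255 host 171.203.0.2
access-list 107 permit ip 10.38.0.0 0.0.255.255 host 171.203.0.2
!
! One route-map sequence per bank: match its ACL, set its VPN device as next hop
route-map FED-VPN permit 10
 match ip address 101
 set ip next-hop 172.16.5.215
route-map FED-VPN permit 20
 match ip address 102
 set ip next-hop 172.16.5.216
route-map FED-VPN permit 30
 match ip address 103
 set ip next-hop 172.16.5.217
route-map FED-VPN permit 40
 match ip address 104
 set ip next-hop 172.16.5.218
route-map FED-VPN permit 50
 match ip address 105
 set ip next-hop 172.16.5.219
route-map FED-VPN permit 60
 match ip address 106
 set ip next-hop 172.16.5.220
route-map FED-VPN permit 70
 match ip address 107
 set ip next-hop 172.16.5.221
!
! Apply on the interface where the banks' traffic enters the router
! (interface name is an assumption)
interface GigabitEthernet0/1
 ip policy route-map FED-VPN
```

Policy routing changes only the next hop, so the source and destination addresses in the packet are untouched. Packets that match no sequence are forwarded by the normal routing table.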
