Tag: interface

CCNP Route 300-101 – Policy Based Routing

by Samuel Mitchell, posted in Cisco, Routing & Switching

Policy-based routing (PBR) is a process whereby the device puts packets through a route map before routing them.  (Cisco Reference)

Policy Based Routing is applicable to scenarios where you want to route a source IP address through a specific gateway IP address to a specific destination. Policy Based Routing relies on route-map to performs it functions which then uses access-list or prefix list to identify the respective source or destination IP address.

policybasedrouting

Configure Policy Based Routing

Step 1 – Configure Access list

R1(config)# ip access-list standard PC1-INT

R1(config-access-list)# permit ip host [PC1-IPAddress] [DestinationIP-Subnet]

Step 2 – Configure the Route map

R1(config)# route-map ISP2-INT [Sequence#]

R1(config-route-map)# match ip address [ISP2-INT]

R1(config-route-map)# set ip next-hop [ISP2]

Step 3 – Apply the Route map on the inbound interface

R1(config)# interface f0/0

R1(config-f)# ip policy route-map ISP2-INT

That is it for the configuration example for the Policy Based Routing.

There are a number of points to note about PBR:

  1. The implicit deny at the end of the route-map does not drop the packet but allow the  traffic to be routed but the normal routing table.
  2. There is an option to include a keyword “default” in the route-map set parameter which tells the router to check the routing table for this destination address before apply the next hop:
    1. set ip default next-hop [IPAddress]
  3. Match all parameter can be applied by not setting any match conditions in the route map.

 

This is it for the Policy Based Routing and you can refer to Cisco documentation for further information.

 

 

Fortinet: Publishing a Server access to the Internet via HTTP

by Samuel Mitchell, posted in Routing & Switching, Security, Uncategorized

This article is providing instructions on how to public a server/device to the internet using http. This article will go through the basic configuration.

After logging into to the Fortinet portal, got to Firewall Objects –> Virtual IP –> Virtual IP, select Create New

create_virtual_ip

There are number of parameters:

Name: Short description of services e.g. DVR HTTP-80

External Interface: this is the port connected to the internet link with the public IP address.

External IP Address/Range: this use only need if you have more that one IP address configured on the port. If not, you can leave the default 0.0.0.0

Mapped IP Address/Range: Enter the internal server IP address of device. e.g. our DVR 192.168.0.12

Port Forwarding: tick this option if you are using custom ports from the default e.g. external service port is 5000 from the outside connecting to (map to) port 80 on the internal server.

virtual_ip_info

Go to Policy –>Policy –> Create New

create_policy

Select the Source Interface/Zone to external port.

Select destination Address to the Virtual IP created earlier and select Service to HTTP since we are using port 80. If the service is not list add it with the custom ports. Select Enable NAT to allow external IP address to access the internal device through the fortinet.

policy_settings

Once save by clicking ok, it will be listed under the external port source port column in the Policy section.

policy_listed