Astaro User Bulletin Board
  #1 (permalink)  
Old 06-26-2008, 05:46 PM
Junior Member
 
Join Date: Mar 2002
Posts: 24
Policy Routing Help Please

Hi All

I am trying to move over from ASL 6.x to 7.x and have a problem.
On the 6.x box the "additional addresses on an interface" were still "interfaces"; on v7.x they are not selectable as interfaces. This is a problem (I think).

I had on the 6.x box a policy route which had an "additional address on an interface" as the source interface, but in V7.x you cannot select the "additional address on an interface" as a source.

I do not know whether I'm being stupid or not, but can anyone help?
__________________
Never underestimate the predictability of stupidity
  #2 (permalink)  
Old 06-27-2008, 12:51 PM
AMros's Avatar
Senior Member
 
Join Date: Jan 2003
Location: Berlin/Germany
Posts: 308

Ignore the source ifc and use the add. ifc related network as source network?
a.
  #3 (permalink)  
Old 06-09-2009, 07:27 PM
Junior Member
 
Join Date: Mar 2002
Posts: 24

Hi, this problem has reared its ugly head again!!

I cannot do that as I need to route from the internet.

Any ideas?
__________________
Never underestimate the predictability of stupidity
  #4 (permalink)  
Old 06-09-2009, 08:26 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391

Silver, what version of Astaro? Can you also provide some perspective on the problem you need to solve - I mean, what is the reason you "need to route from the internet?"

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #5 (permalink)  
Old 06-09-2009, 09:56 PM
Junior Member
 
Join Date: Mar 2002
Posts: 24

Hi Bob, thanks for the interest.

I have two routers that connect to the internet, one ADSL and one SDSL; both have 8 public IPs (/29).

The ADSL router (IP xx.xx.xx.102/29) is the default GW and is used for web browsing, downloads etc. (the interface on the ASL box is xx.97).

The SDSL router (IP yy.yy.yy.33/29) carries our VPNs; these are policy routed to the SDSL router and out on yy.34. This works fine (the interface on the ASL box is yy.34).

What I need to do is allow an incoming to yy.35 and pass it to a host on our internal network and route it via yy.33 and back out on yy.35 (it's a Polycom videoconferencing device).

In ASL v 6.xx I had yy.35 as an additional address on yy.34 and policy routed in and out of the ASL box (see attachment), but in V7.xx you cannot policy route to an additional address.

I am (trying to use) using ASL 7.403.


Any help would be great.

Thanks
Jeff
Attached Images
File Type: jpg Policy Route 2.JPG (63.1 KB, 13 views)
__________________
Never underestimate the predictability of stupidity
  #6 (permalink)  
Old 06-10-2009, 03:21 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391

It's been awhile since I've thought about V6, but I guess that you can achieve the same thing by selecting a 'Route type' of "Gateway route" in V7.

Does anyone know if he could solve his Polycom problem better with the H.323 support?
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #7 (permalink)  
Old 06-10-2009, 10:15 PM
Junior Member
 
Join Date: Mar 2002
Posts: 24

Hi Bob

Yeah, that's what I figured, but you cannot policy route from an "additional address on interface" in V 7.xx, i.e. you cannot define a "Source Interface".

You can with V6

Jeff
__________________
Never underestimate the predictability of stupidity
  #8 (permalink)  
Old 06-11-2009, 01:13 AM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391

Barry could give you a better answer when it comes to creating policy routes.

In general, I would use DNAT/SNAT to resolve issues like yours where a single internal IP needs to appear to the outside on an Additional Address on an external interface.

For example, for inbound traffic initiated from the outside:
Traffic Source: Any
Traffic Service: [group of services involved or 'Any']
Traffic Destination: [yy.yy.yy.35]

NAT mode: DNAT (Destination)

Destination: [internal IP of Polycom device]
Destination Service: [leave empty]

And, for outbound traffic initiated from inside:
Traffic Source: [internal IP of Polycom device]
Traffic Service: [group of services involved or 'Any']
Traffic Destination: Any

NAT mode: SNAT (Source)

Source: [yy.yy.yy.35]
Source Service: [leave empty]

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #9 (permalink)  
Old 06-11-2009, 09:00 AM
Junior Member
 
Join Date: Mar 2002
Posts: 24

Hi Bob

I need to do NAT and policy routing!

As I said I have this working fine on V6

The interface yy is not on the default gateway device

The policy route creates a gateway for interface yy

Jeff
__________________
Never underestimate the predictability of stupidity
Reply With Quote
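
The DNAT/SNAT pair from post #8 combined with the policy route that post #9 says is still needed, written as generic Linux iproute2/iptables commands. This is an added example, not part of the thread and not Astaro's own configuration; the interface name, routing table number, internal address and the 198.51.100.x addresses (standing in for the elided yy.yy.yy.x) are placeholders.

```shell
#!/bin/sh
# Added example: plain-Linux equivalent of the setup discussed in the thread.
# Every value below is a placeholder, not taken from the thread.
SDSL_IF="eth2"              # hypothetical interface facing the SDSL router
SDSL_GW="198.51.100.33"     # stands in for yy.yy.yy.33 (SDSL router)
VC_PUBLIC="198.51.100.35"   # stands in for yy.yy.yy.35 (additional address)
VC_INTERNAL="192.168.1.50"  # constructed internal IP of the Polycom
RT_TABLE="100"              # arbitrary routing table number for the SDSL path

# Print each command by default; set DRY_RUN=0 (as root) to execute instead.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# True when two dotted-quad addresses fall inside the same /29 block.
same_slash29() {
    a_net=${1%.*}; b_net=${2%.*}
    a_host=${1##*.}; b_host=${2##*.}
    [ "$a_net" = "$b_net" ] && [ $((a_host / 8)) -eq $((b_host / 8)) ]
}

polycom_rules() {
    # The SDSL gateway must be on-link for the additional address.
    same_slash29 "$SDSL_GW" "$VC_PUBLIC" || { echo "gateway not in /29" >&2; return 1; }
    # 1. Additional address on the SDSL-facing interface.
    run ip addr add "$VC_PUBLIC/29" dev "$SDSL_IF"
    # 2. DNAT: connections arriving for the public address go to the Polycom.
    run iptables -t nat -A PREROUTING -i "$SDSL_IF" -d "$VC_PUBLIC" \
        -j DNAT --to-destination "$VC_INTERNAL"
    # 3. SNAT: connections the Polycom initiates leave as the public address.
    run iptables -t nat -A POSTROUTING -o "$SDSL_IF" -s "$VC_INTERNAL" \
        -j SNAT --to-source "$VC_PUBLIC"
    # 4. Policy route: the routing decision is taken before the source is
    #    rewritten in POSTROUTING, so the rule matches the internal address.
    #    Without it, replies would follow the main table's default gateway.
    run ip route add default via "$SDSL_GW" dev "$SDSL_IF" table "$RT_TABLE"
    run ip rule add from "$VC_INTERNAL" lookup "$RT_TABLE"
}

polycom_rules
```

Because the rule matches on the internal source address, all traffic from that host that crosses the firewall follows the SDSL table, including traffic to other routed internal or VPN networks unless those routes are copied into the same table.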
  #10 (permalink)  
Old 06-11-2009, 11:37 AM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,391

You mean changing the default gateway in the Polycom doesn't resolve the need for a route?
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
All times are GMT.