Assistance is required regarding the PBR (Policy based routing) using the extended ACL.
My agenda is to route the traffic to different destination IP addresses based on the source, destination and destination protocol.
Scenario:
Route-map PBR has been created in which access-list should match and traffic should be routed to different destinations;
1- Traffic from source 10.10.10.10 to destination 20.20.20.20 and destination port 22 (ssh) should be routed to the next hop 30.30.30.45.
2- Traffic from source 10.10.10.10 to destination 20.20.20.20 and destination port 443 (https) should be routed to the next hop 30.30.30.50.
There is an example
set policy route ROUTE22 interface 'eth2'
set policy route ROUTE22 rule 10 destination address '20.20.20.20'
set policy route ROUTE22 rule 10 destination port '22'
set policy route ROUTE22 rule 10 protocol 'tcp'
set policy route ROUTE22 rule 10 set table '10'
set policy route ROUTE22 rule 10 source address '10.10.10.10'
set protocols static table 10 route 0.0.0.0/0 next-hop 30.30.30.45
In the same way use another rule with another table and gateway
2 Likes
If there is a possibility of doing this using Route-maps. But I’m not able to configure port in the extended ACL.
set policy access-list 2001 description ‘test’
set policy access-list 2001 rule 1 action ‘permit’
set policy access-list 2001 rule 1 destination any
set policy access-list 2001 rule 1 source host ‘10.11.17.200’
set policy route-map PBR description ‘First PBR’
set policy route-map PBR rule 1 action ‘permit’
set policy route-map PBR rule 1 match ip address access-list ‘2001’
set policy route-map PBR rule 1 match ip nexthop
set policy route-map PBR rule 1 set ip-next-hop ‘10.11.19.45’
Access lists are used for routing protocols like BGP/OSPF and not used for the firewall
You can use groups
vyos@r14# set policy route foo rule 10 source group
Possible completions:
address-group Group of addresses
domain-group Group of domains
mac-group Group of MAC addresses
network-group Group of networks
port-group Group of ports
1 Like