Hi All,
I have a setup like this:
192.168.100.0/24 is a VLAN with internet connection via ISP1. 172.16.100.0/24 is a VLAN with internet connection via ISP2. Right now, I have these VLANs on separate (Catalyst 4506) switches. I am trying to combine them onto a single switch, with route-maps. Here is my configuration:
access-list 160 permit ip 172.16.100.0 0.0.0.255 any

route-map ISP2 permit 20
 match ip address 160
 set ip next-hop 172.16.100.254

int vlan 50
 desc ISP2
 ip address 172.16.100.1 255.255.255.0
 ip policy route-map ISP2

int vlan 25
 desc ISP1
 ip address 192.168.100.1 255.255.255.0
This works fine. Now, I'd like to have IP connectivity between the two VLANs. How should I modify my ACL for that? I tried:
access-list 160 deny ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 160 permit ip 172.16.100.0 0.0.0.255 any
Which didn't work. I thought if the route-map encountered a deny ACL, default routing would take place, but that does not seem to be the case.
The default routing table on the switch looks like:
C    192.168.100.0/24 is directly connected, Vlan25
C    172.16.100.0/24 is directly connected, Vlan50
S*   0.0.0.0/0 [1/0] via 192.168.100.254
192.168.100.254 and 172.16.100.254 are my firewalls (two Netscreens).

TIA,
Binand
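The question turns on how a route-map evaluates its match ACL. The documented IOS semantics are: a packet permitted by the ACL matches the clause and, for a permit clause, is sent to the set next-hop; a packet denied by the ACL (explicitly or by the implicit deny at the end) does not match the clause, the route-map moves on to the next sequence, and if no sequence matches the packet is routed by the ordinary routing table. The model below is an added example, not code from the poster or from Cisco; it reproduces the poster's two versions of access-list 160, the ISP2 route-map and the routing table, and walks sample packets through them to show which path each version gives. The external address 198.51.100.7 is a constructed test address. The model shows the documented outcome only; it says nothing about why the 4506 in the post behaved differently.

```python
"""Model of IOS policy routing: match ACL -> route-map clause -> fallback to RIB.
Added illustration of the documented semantics, not Cisco code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Net = ipaddress.IPv4Network
ANY = IPv4Net("0.0.0.0/0")  # the IOS keyword "any"


def wildcard_to_network(addr: str, wildcard: str) -> IPv4Net:
    """Translate IOS 'address wildcard' notation (172.16.100.0 0.0.0.255 -> /24).
    Assumes a contiguous wildcard; a wildcard of 0.0.0.0 means a single host."""
    wild = int(ipaddress.IPv4Address(wildcard))
    return IPv4Net((addr, 32 - wild.bit_length()), strict=False)


@dataclass
class AclEntry:
    action: str      # "permit" or "deny"
    src: IPv4Net
    dst: IPv4Net


def acl_permits(entries: list[AclEntry], src: str, dst: str) -> bool:
    """First matching entry wins; implicit deny at the end, as in IOS."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for e in entries:
        if s in e.src and d in e.dst:
            return e.action == "permit"
    return False


@dataclass
class RouteMapClause:
    seq: int
    action: str                  # "permit" or "deny"
    match_acl: list[AclEntry]    # the "match ip address <acl>" list
    next_hop: Optional[str]      # the "set ip next-hop" address, if any


def rib_lookup(rib: dict[IPv4Net, str], dst: str) -> str:
    """Longest-prefix match over a static routing table (needs a default route)."""
    d = ipaddress.IPv4Address(dst)
    best = max((n for n in rib if d in n), key=lambda n: n.prefixlen)
    return rib[best]


def forward(src: str, dst: str, ingress_policy, rib) -> str:
    """Where does a packet entering an interface go?  Policy-routed only when a
    permit clause's ACL permits it; an ACL deny means 'clause not matched', and
    a route-map deny clause or no match at all means ordinary routing."""
    for clause in ingress_policy or []:          # None = no "ip policy" on the interface
        if acl_permits(clause.match_acl, src, dst):
            if clause.action == "permit" and clause.next_hop:
                return f"PBR next-hop {clause.next_hop} (route-map seq {clause.seq})"
            return f"RIB: {rib_lookup(rib, dst)} (route-map seq {clause.seq} denies)"
    return f"RIB: {rib_lookup(rib, dst)}"


# --- The poster's configuration, transcribed into the model ---------------
VLAN50 = wildcard_to_network("172.16.100.0", "0.0.0.255")
VLAN25 = wildcard_to_network("192.168.100.0", "0.0.0.255")

ACL160_V1 = [AclEntry("permit", VLAN50, ANY)]                 # first version
ACL160_V2 = [AclEntry("deny", VLAN50, VLAN25),                 # second version
             AclEntry("permit", VLAN50, ANY)]

RIB = {
    IPv4Net("192.168.100.0/24"): "directly connected, Vlan25",
    IPv4Net("172.16.100.0/24"): "directly connected, Vlan50",
    IPv4Net("0.0.0.0/0"): "via 192.168.100.254",
}


def policy_isp2(acl: list[AclEntry]) -> list[RouteMapClause]:
    """route-map ISP2 permit 20 / match ip address 160 / set ip next-hop ..."""
    return [RouteMapClause(20, "permit", acl, "172.16.100.254")]


if __name__ == "__main__":
    for name, acl in (("ACL 160 v1", ACL160_V1), ("ACL 160 v2", ACL160_V2)):
        print(name)
        print("  VLAN50 -> VLAN25     :", forward("172.16.100.10", "192.168.100.10", policy_isp2(acl), RIB))
        print("  VLAN50 -> 198.51.100.7:", forward("172.16.100.10", "198.51.100.7", policy_isp2(acl), RIB))
    print("VLAN25 -> 198.51.100.7 (no policy):", forward("192.168.100.10", "198.51.100.7", None, RIB))
```

Running it shows the difference the poster expected: with the first ACL, VLAN 50 traffic bound for VLAN 25 is pushed to the ISP2 firewall; with the deny entry in front, that traffic falls through to the connected route for Vlan25 while Internet-bound traffic from VLAN 50 still goes to 172.16.100.254. An ACL deny and a route-map deny clause end up in the same place (the routing table), which is why either form is used to carve exceptions out of a policy.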