exit: add routes for VPN IPv4 addresses to outside and default VRFs
Like commit 7b5980f
but for VPN addresses. Also renumber some route
maps to improve consistency.
This commit is contained in:
parent
6c8309f1c9
commit
6322d5ec97
|
@ -295,11 +295,13 @@ route-map default-import permit 21
|
||||||
match ipv6 address prefix-list office
|
match ipv6 address prefix-list office
|
||||||
route-map default-import permit 30
|
route-map default-import permit 30
|
||||||
match ip address prefix-list nat
|
match ip address prefix-list nat
|
||||||
route-map default-import permit 31
|
|
||||||
match ipv6 address prefix-list vpn
|
|
||||||
route-map default-import permit 40
|
route-map default-import permit 40
|
||||||
match ip address prefix-list outside
|
match ip address prefix-list vpn
|
||||||
route-map default-import permit 41
|
route-map default-import permit 41
|
||||||
|
match ipv6 address prefix-list vpn
|
||||||
|
route-map default-import permit 50
|
||||||
|
match ip address prefix-list outside
|
||||||
|
route-map default-import permit 51
|
||||||
match ipv6 address prefix-list outside
|
match ipv6 address prefix-list outside
|
||||||
|
|
||||||
route-map outside-import permit 10
|
route-map outside-import permit 10
|
||||||
|
@ -380,7 +382,9 @@ route-map firewall->outside permit 21
|
||||||
match ipv6 address prefix-list office
|
match ipv6 address prefix-list office
|
||||||
route-map firewall->outside permit 30
|
route-map firewall->outside permit 30
|
||||||
match ip address prefix-list nat
|
match ip address prefix-list nat
|
||||||
route-map firewall->outside permit 31
|
route-map firewall->outside permit 40
|
||||||
|
match ip address prefix-list vpn
|
||||||
|
route-map firewall->outside permit 41
|
||||||
match ipv6 address prefix-list vpn
|
match ipv6 address prefix-list vpn
|
||||||
|
|
||||||
# Tag routes from each firewall. Set weight for primary to 200 and secondary to 100.
|
# Tag routes from each firewall. Set weight for primary to 200 and secondary to 100.
|
||||||
|
|
|
@ -139,11 +139,13 @@ route-map outside->default permit 11
|
||||||
# Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
|
# Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
|
||||||
route-map default->outside permit 1
|
route-map default->outside permit 1
|
||||||
match interface lo
|
match interface lo
|
||||||
route-map default->outside permit 10
|
|
||||||
match ip address prefix-list office
|
|
||||||
route-map default->outside permit 11
|
|
||||||
match ipv6 address prefix-list office
|
|
||||||
route-map default->outside permit 20
|
route-map default->outside permit 20
|
||||||
|
match ip address prefix-list office
|
||||||
|
route-map default->outside permit 21
|
||||||
|
match ipv6 address prefix-list office
|
||||||
|
route-map default->outside permit 30
|
||||||
match ip address prefix-list nat
|
match ip address prefix-list nat
|
||||||
route-map default->outside permit 31
|
route-map default->outside permit 40
|
||||||
|
match ip address prefix-list vpn
|
||||||
|
route-map default->outside permit 41
|
||||||
match ipv6 address prefix-list vpn
|
match ipv6 address prefix-list vpn
|
||||||
|
|
Loading…
Reference in a new issue