Product Documentation

Routing Examples

May 09, 2018

The following examples illustrate configuring Cisco routers for the local and remote sites shown in Virtual inline example. To illustrate health monitoring, the configuration for the local site includes health monitoring, but the configuration for the remote site does not.

Note: The configuration for the local site assumes that a ping monitor has already been configured.

The examples conform to the Cisco IOS CLI. They might not be applicable to routers from other vendors.

Local Site, Health-Checking Enabled
! 
! For health-checking to work, do not forget to start 
! the monitoring process. 
! 
! Original configuration is in normal type. 
! appliance-specific configuration is in bold. 
! 
ip cef 
! 
interface FastEthernet0/0 
ip address 10.10.10.5 255.255.255.0 
ip policy route-map client_side_map 
! 
interface FastEthernet0/1 
ip address 172.68.1.5 255.255.255.0 
ip policy route-map wan_side_map 
! 
interface FastEthernet1/0 
ip address 192.168.1.5 255.255.255.0 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 171.68.1.1 
! 
ip access-list extended client_side 
permit ip 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255 
ip access-list extended wan_side 
permit ip 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255 
! 
route-map wan_side_map permit 20 
match ip address wan_side 
!- Now set the appliance as the next hop, if it’s up. 
set ip next-hop verify-availability 192.168.1.200 20 track 123 
! 
route-map client_side_map permit 10 
match ip address client_side 
set ip next-hop verify-availability 192.168.1.200 10 track 123
Remote Site (No Health Checking)
! This example does not use health-checking. 
! Remember, health-checking is always recommended, 
! so this is a configuration of last resort. 
! 
! 
ip cef 
! 
interface FastEthernet0/0 
ip address 20.20.20.5 255.255.255.0 
ip policy route-map client_side_map 
! 
interface FastEthernet0/1 
ip address 171.68.2.5 255.255.255.0 
ip policy route-map wan_side_map 
! 
interface FastEthernet1/0 
ip address 192.168.2.5 255.255.255.0 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 171.68.2.1 
! 
ip access-list extended client_side 
permit ip 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255 
ip access-list extended wan_side 
permit ip 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255 
! 
route-map wan_side_map permit 20 
match ip address wan_side 
set ip next-hop 192.168.2.200 
! 
route-map client_side_map permit 10 
match ip address client_side 
set ip next-hop 192.168.2.200 
!_

Each of the above examples applies an access list to a route map and attaches the route map to an interface. The access lists identify all traffic originating at one accelerated site and terminating at the other (A source IP of 10.10.10.0/24 and destination of 20.20.20.0/24 or vice versa). See your router's documentation for the details of access lists and route-maps.

This configuration redirects all matching IP traffic to the appliances. If you want to redirect only TCP traffic, you can change the access-list configuration as follows (only the remote side's configuration is shown here):
! 
 ip access-list extended client_side 
 permit tcp 10.16.20.0 0.0.0.255 10.10.10.0 0.0.0.255 
 ip access-list extended wan_side 
 permit tcp 10.10.10.0 0.0.0.255 10.16.20.0 0.0.0.255 
!

Note that, for access lists, ordinary masks are not used. Wildcard masks are used instead. Note that when reading a wildcard mask in binary, "1" is considered a "don't care" bit.