09-08-2006 07:01 AM - edited 03-03-2019 04:52 AM
I need to do policy-based routing based on the incoming IP address. All the addresses are coming in through a VPN concentrator and will be directed to one IP address on the concentrator's policy. The concentrator will then pass the traffic to a switch running layer 3 code that will do the PBR. The switch will then need to route the traffic to different IP addresses on the same subnet depending on the source IP of the packet. Does anyone have any examples of how to set up a route-map and access list to accomplish this? Thanks!
09-08-2006 09:46 AM
What kind of switch are you using?
09-08-2006 09:53 AM
Cisco 3750
09-08-2006 10:05 AM
PBR does not work on 3750.
09-08-2006 10:26 AM
I was told by a Cisco engineer that it would, but if not, I will use whatever kind of switch I need.
09-08-2006 01:16 PM
Note the information in the following article. It shows PBR being allowed on 3750 switches.
09-09-2006 01:15 AM
In a similar scenario, I've used the following template:
===============
access-list 101 remark
access-list 101 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.110.0.0 0.0.255.255 any
route-map WE permit 5
 match ip address 101
 set ip next-hop
===============
Please let me know if this works in your case. There are several other parameters, though, which can be set, such as metric, weight, interface, community, metric-type, tag, etc.
Rgds\Satya.
09-13-2006 10:44 AM
Hi Satya,
Thanks for the response. Let me give you a more specific example of what I am trying to do.
Let's say I have an incoming address of 172.16.72.21 and it is trying to access port 14635 on 10.10.10.100, but as this packet comes in I really need it to access server 10.10.10.112 port 14635. Now I also have an address coming in of 192.168.101.211 that needs to access 10.10.10.100 port 15321. These addresses are all coming into my network via LAN-to-LAN VPN tunnels. I only want to have one or two IPs in my local encryption domain list, but I need to be able to point them to a number of other addresses on the same subnet, not on a different port on the router.
Hope this example makes sense!
Thanks
Doug
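A per-source route-map of the kind asked for in this thread, added here as an illustration and not posted by any participant. The route-map name, the ingress interface Vlan10 and the second next hop 10.10.10.113 are assumptions; the other addresses and ports are the ones given in the thread.

```cisco
! Constructed example, not from the thread's participants.
! One extended ACL per VPN source, matching the flow described above.
access-list 101 remark VPN source 172.16.72.21 to port 14635
access-list 101 permit tcp host 172.16.72.21 host 10.10.10.100 eq 14635
access-list 102 remark VPN source 192.168.101.211 to port 15321
access-list 102 permit tcp host 192.168.101.211 host 10.10.10.100 eq 15321
!
! Sequences are evaluated in order; the first matching permit entry wins.
route-map VPN-PBR permit 10
 match ip address 101
 set ip next-hop 10.10.10.112
! 10.10.10.113 is an assumed second server; the thread does not name one.
route-map VPN-PBR permit 20
 match ip address 102
 set ip next-hop 10.10.10.113
!
! Packets that match no sequence are forwarded by the normal routing table.
! PBR is applied inbound on the Layer 3 interface facing the concentrator
! (Vlan10 is an assumption).
interface Vlan10
 ip policy route-map VPN-PBR
!
! Note: "set ip next-hop" changes only where the packet is forwarded.
! The destination IP in the packet stays 10.10.10.100, so the receiving
! server must accept traffic for that address; PBR does not rewrite it.
!
! Verification (exec mode): match counters show which sequence is hit.
! show route-map VPN-PBR
! show ip policy
```

Keeping each ACL to a single host and port means only the intended VPN flows are diverted, and the per-sequence match counters make it easy to spot a source that is not matching where expected.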