09-30-2010 12:50 AM - edited 03-04-2019 09:57 AM
Hi There,
I have a site that has two internet connections, and I'm using Policy Based Routing to force a particular host out to the internet via the secondary link. The configuration is pretty straightforward, as shown below:
route-map backup-link-route permit 10
match ip address 100
set ip default next-hop 10.10.10.249
access-list 100 deny ip host 10.10.10.101 10.10.10.0 0.0.255.255
access-list 100 permit ip host 10.10.10.101 any
interface Fa0/0
ip address 10.10.10.254
ip policy route-map backup-link-route
This configuration is working fine for outbound connections, but I'm not sure how it works for inbound connections. I'm having some difficulty trying to access this host externally using RDP. I have checked the static NAT rule in place for this and it seems to be fine. I'm not sure how PBR works for inbound connections.
Can anyone provide any feedback?
Cheers,
Esteban
09-30-2010 09:46 AM
Esteban
PBR only works in one direction. So if you want to influence the return traffic you would need to either -
1) NAT the source address as it leaves your router to the external router interface so that the return traffic goes to the right interface. This may or may not be possible depending on your topology and also what applications you are running.
2) Use PBR at the other end of the link as well to force the return traffic to take the same path.
Jon
10-04-2010 08:11 PM
Hi Jon,
Thanks for your response. I decided to go for the second option of your recommendation; however, I still can't connect to the server from outside.
>>2) Use PBR at the other end of the link as well to force the return traffic to take the same path.
So this is what I added in the router that terminates the secondary link, which the inbound connection is coming through, with the idea of forcing the return traffic back along the same path.
access-list 110 permit ip any host 10.10.10.101
route-map machine101-route permit 10
match ip address 110
set ip default next-hop 10.10.10.254
interface FastEthernet0/1
ip address
ip nat outside
ip virtual-reassembly
ip route-cache flow
ip policy route-map machine1-route
interface FastEthernet0/0
ip address 10.10.10.249 255.255.0.0
ip nat inside
ip virtual-reassembly
ip nat inside source static tcp 10.10.10.101 3389 interface FastEthernet0/1 64444 (this line was not added; it was already in the config)
Running a debug on this router to capture packets matching access-list 110, I get the following:
*Oct 5 14:12:23.085: IP: tableid=0, s=203.XX.XX.XX (FastEthernet0/1), d=210.XX.XX.XX (FastEthernet0/1), routed via RIB
*Oct 5 14:12:23.089: IP: s=203.XX.XX.XX (FastEthernet0/1), d=210.XX.XX.XX (FastEthernet0/1), len 128, rcvd 3
Can you shed some light? What does "routed via RIB" mean?
Regards,
Esteban
10-05-2010 01:28 AM
The RIB is simply the routing table.
Can you post a quick topology diagram of how the routers are connected, the addressing involved, and the router configs at both ends?
Jon
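To make Jon's two points concrete (PBR is applied only to packets entering the interface that carries the policy, and "routed via RIB" means the packet was forwarded from the routing table rather than by the route-map), here is a small model of the IOS decision order, added as an illustration; it is not IOS code and not from any poster. The topology is reconstructed from the two configs above: both LAN interfaces are assumed to be in 10.10.0.0/16 (only router B's mask is shown), the default routes toward each ISP are assumed, the public addresses are the masked or constructed ones from the thread, and the static translation is taken from router B's `ip nat inside source static` line. Two IOS behaviours are modelled as stated assumptions: on an `ip nat outside` interface the static translation is undone before the routing decision, so a policy there sees the inside address; and `set ip default next-hop` is honoured only when the RIB has nothing better than a default route. The model also treats an `ip policy route-map` that names a map which is not defined as plain RIB forwarding (note that router B's config as posted applies `machine1-route` while the map defined is `machine101-route`).

```python
"""Toy model of Cisco IOS policy-based routing decisions, built to illustrate
the thread above. Not IOS code; topology and addresses are reconstructed."""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def host(addr):
    return ipaddress.ip_network(f"{addr}/32")


def wildcard_to_network(addr, wildcard):
    """IOS address + wildcard mask (e.g. 10.10.10.0 0.0.255.255) -> network.
    Assumes a contiguous wildcard, which is all the thread's ACLs use."""
    wildcard_bits = int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{32 - wildcard_bits.bit_length()}", strict=False)


def acl_permits(acl, src, dst):
    """First matching entry wins; implicit deny at the end, as in IOS."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False


def rib_lookup(rib, dst):
    """Longest-prefix match over (network, via) pairs; None if no route."""
    best = None
    for net, via in rib:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best


def forward(router, in_iface, src, dst, dport=None):
    """Return ('PBR', next_hop) or ('RIB', via) for one packet entering in_iface."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    # Assumption: on an 'ip nat outside' interface the static translation is
    # undone before routing, so the policy matches on the inside address.
    if in_iface in router.get("nat_outside", ()):
        dst = router["nat_static"].get((dst, dport), dst)
    rib_hit = rib_lookup(router["rib"], dst)
    rib_via = rib_hit[1] if rib_hit else None
    clauses = router["route_maps"].get(router["policy"].get(in_iface))
    if clauses is None:
        # No policy on this interface, or (assumption) the policy names a
        # route-map that is not defined: the packet is "routed via RIB".
        return ("RIB", rib_via)
    for acl_no, set_kind, next_hop in clauses:
        if not acl_permits(router["acls"][acl_no], src, dst):
            continue  # ACL deny means the clause does not match; try the next one
        if set_kind == "next-hop":
            return ("PBR", next_hop)  # 'set ip next-hop' overrides the RIB
        # 'set ip default next-hop': used only when the RIB has no explicit
        # route, i.e. nothing more specific than a default route.
        if rib_hit is None or rib_hit[0].prefixlen == 0:
            return ("PBR", next_hop)
        return ("RIB", rib_via)
    return ("RIB", rib_via)


# Router A, from the original post (LAN mask and default route assumed).
ROUTER_A = {
    "rib": [(ipaddress.ip_network("10.10.0.0/16"), "connected Fa0/0"), (ANY, "primary ISP")],
    "acls": {100: [("deny", host("10.10.10.101"), wildcard_to_network("10.10.10.0", "0.0.255.255")),
                   ("permit", host("10.10.10.101"), ANY)]},
    "route_maps": {"backup-link-route": [(100, "default next-hop", "10.10.10.249")]},
    "policy": {"Fa0/0": "backup-link-route"},
}

# Router B, from the follow-up post (default route assumed; 203.1.1.1 is the
# masked public address from the NAT output later in the thread).
ROUTER_B = {
    "rib": [(ipaddress.ip_network("10.10.0.0/16"), "connected Fa0/0"), (ANY, "secondary ISP")],
    "acls": {110: [("permit", ANY, host("10.10.10.101"))]},
    "route_maps": {"machine101-route": [(110, "default next-hop", "10.10.10.254")]},
    "policy": {"Fa0/1": "machine1-route"},  # name exactly as posted
    "nat_outside": {"Fa0/1"},
    "nat_static": {(ipaddress.IPv4Address("203.1.1.1"), 64444): ipaddress.IPv4Address("10.10.10.101")},
}


def scenarios():
    """Walk the packets discussed in the thread through the model (constructed addresses)."""
    out = {}
    # Host behind router A to the internet: ACL 100 permits, RIB has only a default -> PBR.
    out["A_host_to_internet"] = forward(ROUTER_A, "Fa0/0", "10.10.10.101", "198.51.100.7")
    # Same host to the local /16: the ACL deny entry matches, so the clause does not -> RIB.
    out["A_host_to_lan"] = forward(ROUTER_A, "Fa0/0", "10.10.10.101", "10.10.20.5")
    # RDP arriving at router B as posted: the policy names an undefined map -> RIB.
    out["B_inbound_rdp_as_posted"] = forward(ROUTER_B, "Fa0/1", "203.39.0.1", "203.1.1.1", 64444)
    # Same packet with the policy pointing at the defined map: ACL 110 matches, but
    # 'default next-hop' yields to the connected 10.10.0.0/16 route -> still RIB.
    fixed = dict(ROUTER_B, policy={"Fa0/1": "machine101-route"})
    out["B_inbound_rdp_map_fixed"] = forward(fixed, "Fa0/1", "203.39.0.1", "203.1.1.1", 64444)
    # For contrast, a plain 'set ip next-hop' would override the connected route.
    strict = dict(fixed, route_maps={"machine101-route": [(110, "next-hop", "10.10.10.254")]})
    out["B_inbound_rdp_strict_next_hop"] = forward(strict, "Fa0/1", "203.39.0.1", "203.1.1.1", 64444)
    return out


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:32} -> {decision}")
```

The last two scenarios are the point worth checking against a real box: even once the route-map name matches, `set ip default next-hop` never overrides a connected or static route, so a `debug ip policy` on that interface will keep reporting normal routing for anything destined to the local subnet. Whether forcing return traffic back across the LAN with `set ip next-hop` makes sense for this topology is a separate question; the model only shows which clause type actually takes effect.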
10-06-2010 12:14 AM
Hi Jon,
See the diagram attached. The topology is very simple. It is set up using only static routes; no routing protocols are involved. I have only changed the public IPs in the diagram for privacy reasons.
Following is the output of the show ip nat translations command on router B when I try to remote desktop to the host (10.10.10.249) from an outside connection. I have changed the public IPs in the output to reflect the change made in the diagram, and I altered the last octets of the public IP I was connecting from for privacy reasons, as mentioned above.
sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 203.1.1.1:64444 10.10.10.101:3389 203.39.XX.XX:22562 203.39.XX.XX:22562
tcp 203.1.1.1:64444 10.10.10.101:3389 --- ---
Please let me know if it is clear and what to try next.
Cheers,
Esteban
10-06-2010 12:21 AM
Hello
10-06-2010 12:22 AM
Can you help me with a VPN connection?