04-12-2011 08:44 AM - edited 03-04-2019 12:03 PM
Dear All
I have an issue with a c3845 router running IOS 12.4(9)T1.
I have a tunnel (GRE/IP) which is routed over IPSEC via internet, and a serial connection, both to the same remote router. router also has a gig 0/0 int for connection to site wan, and a second g0/1 for WAAS appliance.
The tunnel has a p-t-p IP configured 192.168.100.92/30
I have eigrp enabled over serial. No routes exchanged over tunnel.
The problem is with policy routing. The above description sounds pretty complex but the issue is simple.
I apply PBR to g0/0 using ''ip policy route-map MAP''
route-map MAP, permit, sequence 10
Match clauses:
ip address (access-lists): phil
Set clauses:
ip next-hop 192.168.100.93
Policy routing matches: 15856 packets, 17518454 bytes
bdr01-unamid-hq1#sh ip access-lists phil
Extended IP access list phil
10 permit icmp any host 192.168.1.2
20 permit tcp any host 192.168.1.2 (15856 matches)
Whilst I can see the route-map and acl hits, the traffic is never sent over tunnel. It always sends over serial.
a debug ip policy shows PBR is/should be working:
Apr 12 14:21:57.226: IP: s=192.168.200.254 (GigabitEthernet0/0), d=192.168.1.2, g=192.168.100.93, len 1472, FIB policy routed
Apr 12 14:21:57.226: IP: s=192.168.200.254 (GigabitEthernet0/0), d=192.168.1.2, len 1472, FIB policy match
....but it is not.
If I use static routing then the traffic flows over the tunnel.
Anyone have an idea what to check next? it's very odd.
Thanks in advance
Phil
04-12-2011 09:00 AM
One side is sending the traffic via the tunnel using PBR but how about the return traffic?
04-13-2011 12:25 AM
Hi
Thanks very much for your reply.
The return traffic is using the same method. The return traffic is successfully policy routed via the tunnel
edge-1#sh ip access-lists phil
Extended IP access list phil
10 permit icmp host 192.168.1.2 any
20 permit tcp host 192.168.1.2 any (15856 matches)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide