
FIB policy rejected(no match) - normal forwarding

mohammad saeed

Hi Guys,

 

I am working on a Cisco router IOS (C2900-UNIVERSALK9-M), Version 15.4(1)T3,

and I want to use PBR to forward the telnet traffic from my inside server 10.10.3.150 using port 5014 to remote IP 10.196.15.216 from another site.

 

I have this configuration:

interface GigabitEthernet0/0
 description ## CONEECTED DIRECTLY WITH 10.10.3.150 SERVER FOR TEST##
 ip address 10.10.3.152 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map 5014inToOut
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description *** CONNECTED TO remote ***
 ip address 10.198.5.133 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 ip policy route-map 7006OutToIn
 duplex auto
 speed auto

ip nat inside source static 10.10.3.151 10.198.5.224 extendable
ip nat inside source static 10.10.3.150 10.198.5.244 extendable

ip route 10.178.0.0 255.255.0.0 10.198.5.129
ip route 10.196.0.0 255.252.0.0 10.198.5.129

!
ip access-list extended ACL5014
 permit tcp host 10.198.5.224 eq 5014 host 10.196.15.192 eq 5014
 permit tcp host 10.198.5.244 host 10.196.15.216 eq 5014
ip access-list extended ACL7006
 permit tcp host 10.196.15.216 eq 7006 host 10.198.5.244 eq 7006
 permit tcp host 10.198.5.129 eq 7006 host 10.198.5.244 eq 7006
 permit tcp host 10.198.5.129 eq 7006 host 10.198.5.224 eq 7006
 permit tcp host 10.196.15.192 eq 7006 host 10.198.5.224 eq 7006

route-map 7006OutToIn permit 10
 match ip address ACL7006
 set interface GigabitEthernet0/0
!
route-map 5014inToOut permit 10
 match ip address ACL5014
 set interface GigabitEthernet0/1

The NAT is working:

Pro Inside global      Inside local       Outside local      Outside global
tcp 10.198.5.244:61425 10.10.3.150:61425  10.196.15.216:5014 10.196.15.216:5014
--- 10.198.5.244       10.10.3.150        ---                ---
--- 10.198.5.224       10.10.3.151        ---                ---

But when I debug IP policy I get this message:

*Sep 14 09:41:03.275: IP: s=10.10.3.150 (GigabitEthernet0/0), d=10.196.15.216, len 52, FIB policy rejected(no match) - normal forwarding

What could be the issue?

 

The server is connected directly with router.

 

Thanks,

Mohammad Saeed

 


balaji.bandi

As per my understanding, you do not have a default route? The route below does not cover "10.196.15.216". Either increase the mask to cover 255.255.248.0 or add another route entry.

 

ip route 10.196.0.0 255.252.0.0 10.198.5.129

 

 

BB
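An added example, not part of either post above: a small Python check that evaluates the posted ACL5014 entries and static routes against the packet reported in the debug line. The source port is taken from the NAT table in the question, and `ACL_INSIDE_LOCAL` is a hypothetical entry used only for comparison.

```python
from ipaddress import ip_address, ip_network

# ACL5014 as posted: (src host, src port or None, dst host, dst port or None)
ACL5014 = [
    ("10.198.5.224", 5014, "10.196.15.192", 5014),
    ("10.198.5.244", None, "10.196.15.216", 5014),
]
# Hypothetical entry (not from the post) written against the inside local address
ACL_INSIDE_LOCAL = [("10.10.3.150", None, "10.196.15.216", 5014)]

# Static routes as posted: (prefix, mask, next hop)
ROUTES = [
    ("10.178.0.0", "255.255.0.0", "10.198.5.129"),
    ("10.196.0.0", "255.252.0.0", "10.198.5.129"),
]

# Packet as the debug line reports it on GigabitEthernet0/0 (ports from the NAT table)
PKT_PRE_NAT = ("10.10.3.150", 61425, "10.196.15.216", 5014)
# Same flow with the inside global source shown in the NAT table
PKT_POST_NAT = ("10.198.5.244", 61425, "10.196.15.216", 5014)

def acl_match(acl, src, sport, dst, dport):
    """Return the 1-based index of the first permit entry matching the TCP packet, or None."""
    for i, (s, sp, d, dp) in enumerate(acl, 1):
        if (ip_address(s) == ip_address(src) and ip_address(d) == ip_address(dst)
                and sp in (None, sport) and dp in (None, dport)):
            return i
    return None

def route_lookup(routes, dst):
    """Longest-prefix match over the static routes; returns the next hop or None."""
    best = None
    for prefix, mask, hop in routes:
        net = ip_network(f"{prefix}/{mask}")
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

if __name__ == "__main__":
    print("ACL5014 vs packet seen in debug  :", acl_match(ACL5014, *PKT_PRE_NAT))
    print("ACL5014 vs inside global source  :", acl_match(ACL5014, *PKT_POST_NAT))
    print("inside-local ACL vs debug packet :", acl_match(ACL_INSIDE_LOCAL, *PKT_PRE_NAT))
    print("next hop for 10.196.15.216       :", route_lookup(ROUTES, "10.196.15.216"))
```

The first line of output corresponds to the "no match" in the debug message: the packet is evaluated with source 10.10.3.150, while ACL5014 lists the translated address 10.198.5.244.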
