02-07-2015 11:18 AM - edited 03-07-2019 10:33 PM
I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks: 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
I am sure I am just missing something silly.
Here are the relevant portions of the config:
interface GigabitEthernet0/0/1
 ip address 172.31.0.20 255.255.254.0
 ip nat inside
 ip policy route-map Test
 negotiation auto
 vrrp 1 ip 172.31.0.1
 vrrp 1 priority 105
interface GigabitEthernet0/0/1.2
 encapsulation dot1Q 2
 ip address 10.10.48.12 255.255.255.224
 ip nat inside
 ip access-group 199 in
 vrrp 1 ip 10.10.48.3
 vrrp 1 priority 105
 vrrp 2 priority 105
 no cdp enable
ip route 0.0.0.0 0.0.0.0 10.10.48.1
ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
Thanks in advance.
Burton Hallman
02-07-2015 11:33 AM
The default route is pointing to 10.10.48.1, but the route map is pointing to 10.10.48.15.
Can you verify?
HTH
02-07-2015 11:35 AM
Yes, this is correct. I have other VLANs on the 4451X that need to default route to 10.10.48.1, but the 172.31.0.0/23 will default route to 10.10.48.15.
02-07-2015 03:10 PM
Firstly, I'm not sure why you have two default routes if everything is meant to go via 10.10.48.1?
That aside, in terms of your PBR -
1) Remove the continue statement. I don't know what it is meant to be doing, but as far as I know it has no effect with PBR.
2) More importantly, your second statement is using a different route map name, i.e. Test1, which makes it a completely different route map, so the one applied to the interface only has the first statement in it, which is the one for VPN traffic.
Jon
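The name mismatch pointed out in the reply above can be caught mechanically before a config is pushed. This is an added example, not part of the original thread: a Python check run over a constructed copy of the posted route-map lines, where the function name `audit_pbr` and the sample text are assumptions. It flags route-maps that no `ip policy route-map` statement references and `continue` targets that do not exist in the same route-map.

```python
import re
from collections import defaultdict

# Constructed sample: the PBR-related lines from the question, with IOS indentation.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 172.31.0.20 255.255.254.0
 ip policy route-map Test
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
"""

def audit_pbr(config):
    """Return (applied, findings) for policy route-maps in an IOS-style config."""
    applied = defaultdict(list)   # route-map name -> interfaces that apply it
    entries = defaultdict(dict)   # route-map name -> {sequence: [sub-commands]}
    iface = current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line starts a new config context
            iface = current = None
            if m := re.match(r"interface (\S+)", line):
                iface = m.group(1)
            elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line):
                current = entries[m.group(1)].setdefault(int(m.group(2)), [])
        elif iface and (m := re.match(r"ip policy route-map (\S+)", line)):
            applied[m.group(1)].append(iface)
        elif current is not None:
            current.append(line)
    findings = []
    for name in applied:
        if name not in entries:
            findings.append(f"route-map {name} is applied but never defined")
        for seq, cmds in sorted(entries.get(name, {}).items()):
            for cmd in cmds:
                p = cmd.split()
                if p[0] == "continue" and len(p) == 2 and p[1].isdigit() \
                        and int(p[1]) not in entries[name]:
                    findings.append(f"route-map {name} seq {seq}: '{cmd}' targets "
                                    "a sequence that does not exist in this route-map")
    for name in entries:
        if name not in applied:
            findings.append(f"route-map {name} is defined but not referenced "
                            "by any 'ip policy route-map'")
    return dict(applied), findings
```

Route-maps used only for redistribution or NAT will also show up as not referenced by `ip policy`, so treat that finding as a prompt to check the name rather than as an error in itself.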