PBR Policy Based Routing issue

renemerki1
Level 1

Hi 

I've a problem at a customer.
The customer has a router in Romania. He has 2 connections: one Internet connection and one "Carrier line for Voice (Lync, Business Skype) Traffic only".
The problem we have is the following. On the Router 1941 we want to do PBR based on the policy UDP/TCP ports (config file attached).
Voice traffic from the head-end in Switzerland is passing the correct way through the carrier line, but from Romania to the head-end it goes over the VPN tunnel (Internet).
Could you have a look at the config and maybe help us understand why the policy-based ACL is not working?
We see only 50 kbit/s on this connection but from Switzerland to Romania up to 2 Mbit/s.

Many thanks for your support.

Regards

René

Accepted Solutions

enter2014
Level 1

Rene,

From the config it looks like your input interface is G0/1.373 and the desired PBR output is G0/0/0?

I would just verify that the access-list is catching the right ports. Can you use a source destination without specifying tcp/udp ports between 2 hosts to see if that works? That way you can eliminate an ACL issue. I don't recall if PBR increments the ACL counters but you can check that to make sure your traffic is being matched. 

Marco.
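
The isolation test suggested in the reply above, sketched as an added example (not part of the original posts and not the customer's config). It assumes the ingress interface is G0/1.373 as read from the config in the reply; the names PBR-TEST-ACL and PBR-TEST and all addresses are constructed placeholders.

```cisco
! Constructed test values (documentation address ranges, not from the thread):
!   192.0.2.10     test host behind the Romania router
!   198.51.100.10  test host at the head-end
!   203.0.113.1    next hop on the carrier line (assumed, reached via G0/0/0)
!
! Match the two hosts on IP only, with no tcp/udp port qualifiers,
! so a port-matching mistake cannot hide the result.
ip access-list extended PBR-TEST-ACL
 permit ip host 192.0.2.10 host 198.51.100.10
!
route-map PBR-TEST permit 10
 match ip address PBR-TEST-ACL
 set ip next-hop 203.0.113.1
!
! PBR acts on packets as they enter the router, so the policy goes on
! the inbound (LAN-side) interface. An interface holds one policy
! route-map, so this replaces the existing one for the test.
interface GigabitEthernet0/1.373
 ip policy route-map PBR-TEST
!
! Exec-mode checks after sending traffic between the two hosts:
!   show ip policy                  route-map bound to the interface
!   show route-map PBR-TEST         policy routing match counters
!   show access-lists PBR-TEST-ACL  per-entry match counters, if they increment
!   debug ip policy                 per-packet decisions; use sparingly
```

If the host-to-host test is policy routed correctly, add the port matches back one at a time and recheck the counters after each change.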


Hi Marco,

Many thanks for your help. It's fixed now. It helped to remove the ports. Then the customer found out that some firewall parameters were affecting the PBR functionality.

These were the parameters, from the customer:

  • The problem lines are:
    • ip inspect audit-trail
    • ip inspect udp idle-time 1800
    • ip inspect dns-timeout 60
    • ip inspect tcp idle-time 14400
    • ip inspect name out_wan_inspect udp router-traffic
    • ip inspect name out_wan_inspect tcp router-traffic
    • ip inspect name out_wan_inspect ftp timeout 3600
    • ip inspect name out_wan_inspect rcmd timeout 3600
    • ip inspect name out_wan_inspect realaudio timeout 3600
    • ip inspect name out_wan_inspect smtp timeout 3600
    • ip inspect name out_wan_inspect tftp timeout 30
    • ip inspect name out_wan_inspect udp timeout 15
    • ip inspect name out_wan_inspect tcp timeout 3600

Thanks

René