PBR problem

alex goshtaei · ‎02-11-2011

Hi All,

we have simple PBR setup. there are two service provider, let's call them SP1 and SP2. SP1 connected to ASA, and SP2 connected to the PIX. There is a core router which is default gateway from entire LAN.

7120 router IP: 178.110.1.201

ASA: 178.110.1.7

PIX: 178.110.1.22

our public server (178.110.1.9) has to go out through ASA, and reset of the network through PIX. I have setup PBR as follow, but even the traffic from public server is going out through PIX, and it seems 7120 router never sends any traffic through ASA. any help would be very appreciated:

access-list 100 permit ip host 178.110.1.9 any

access-list 100 deny ip any any

access-list 101 permit ip 178.110.0.0 0.0.255.255 any

route-map PBR permit 10

match ip address 100

set ip next-hop 178.110.1.7

!

route-map PBR permit 20

match ip address 101

set ip next-hop 178.110.1.22

interface FastEthernet0/1

description Ethernet to Inside Network

ip address 178.110.1.201 255.255.0.0

ip directed-broadcast

ip accounting output-packets

no ip mroute-cache

ip policy route-map PBR

duplex full

speed 100

mjleach · ‎02-11-2011

If you issue the "show access-list 100" command, do you see matches against the ACL?

Also, does a "show route-map PBR" indicate that you are seeing policy routing matches or no?

lgijssel · ‎02-11-2011

This is a simple setup indeed. The config is fine so the solution should also be simple:

Your machine 178.110.1.9 likely has its def-gw set to the PIX.

As a result the policy is never used.

Other remarks:

For configs like this you can also use standard acls and the 'deny' in acl 100 is not necessary either.

regards,

Leo

alex goshtaei · ‎02-11-2011

thanks for the reply,

all the hosts inside the network use 7120 (178.110.1.201) as a default gateway, and this router is supposed to make a decision where it should route the traffic, but it sends all traffic to PIX (178.110.1.22).

thanks

Alex