Hi,
I am implementing PBR on an ISR 1921 router. I have created a route-map to match FTP, VPN, HTTPS and HTTP traffic and route this traffic outside a particular interface and another route-map to match SMTP traffic and route it via another interface. I am testing the route-map by generating for example FTP traffic, and checking that packets are marked as being matched when I run #show route-map and #show access-list. For VPN, FTP and SMTP, the show commands make sense and show that all is working as expected.
What is strange is that I am NOT generating any HTTP or HTTPS traffic but I am still getting the route-map and access-list counters continuously incrementing. I even installed Wireshark on the 3 laptops I am using for testing, and no HTTP/HTTPS traffic is being noticed. Any ideas what this could be? Is the router generating some traffic itself? (I did read that the router-generated traffic is NOT matched by the route-map unless specified and I have turned the Cisco Configuration Professional in case it is using HTTP/HTTPS).
Here is the related config:
interface GigabitEthernet0/0
 description $ETH-LAN$ (this is the interface which is seeing the traffic)
 ip address 192.168.11.1 255.255.255.0
 ....
 ip policy route-map route_traffic_to_outside
.....
ip access-list extended ISP1
 permit tcp object-group Internal_Network any eq smtp
ip access-list extended ISP2
 permit object-group FTP object-group Internal_Network any
 permit object-group VPN object-group Internal_Network any
 permit tcp object-group Internal_Network any eq www
....
route-map route_traffic_to_outside permit 1
 match ip address ISP1
 set interface FastEthernet0/0/0
!
route-map route_traffic_to_outside permit 2
 match ip address ISP2
 set interface FastEthernet0/0/1
Any clues would be appreciated as I cannot understand what is happening.
Thanks,
Tiziana