Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
356
Views
0
Helpful
1
Replies

Policy Based Routing 6509

Timothy Burns
Level 1
Level 1

‎10-29-2014 11:34 AM - edited ‎03-07-2019 09:17 PM

below is my config that i am testing with.

ip access-list extended test
deny ip host 192.168.72.2 192.168.25.0.0 0.0.0.255
permit ip host 192.168.72.2 any

int vlan 10
ip address 192.168.72.254 255.255.255.0
ip policy route-map 857

route-map 857
match ip address access-list test
set ip next-hop 192.168.8.1

PBR seems to be working when I am inside vlan 10 on 192.168.72.2 I can get to the other internal network as well as to our other inetnet pipe which is where the next hop is. However I can not get reach that IP from any other network. 

Our end goal is to route traffic to another internet provider while still being able to access internal networks. I was originaly specifying 80 and 443 on the access list which worked fine, but there were a few internet sites we need access to that use different ports. So, instead of creating more rules I thought just use IP deny traffic to our internal networks and allow everythign else. But, like I said, with this config the other internal network can't reach inside that vlan. 

If I am missing any details, let me know.

Any suggestions?

 

Labels:
0 Helpful
1 Reply 1

Timothy Burns
Level 1
Level 1

‎08-26-2015 06:57 AM

For those that may have been wondering I got this corrected?

route-map 857
match ip address access-list test
set ip next-hop 192.168.8.1

Should be

route-map 857
match ip address test
set ip next-hop 192.168.8.1

The access-list is not needed and caused the issue of the route map trying to find an access-list called access-list.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card