Policy Based Routing 6509

Timothy Burns
Level 1

below is my config that i am testing with.

ip access-list extended test
deny ip host 192.168.72.2 192.168.25.0 0.0.0.255
permit ip host 192.168.72.2 any

int vlan 10
ip address 192.168.72.254 255.255.255.0
ip policy route-map 857

route-map 857
match ip address access-list test
set ip next-hop 192.168.8.1

PBR seems to be working: when I am inside vlan 10 on 192.168.72.2 I can get to the other internal network as well as to our other internet pipe, which is where the next hop is. However, I cannot reach that IP from any other network.

Our end goal is to route traffic to another internet provider while still being able to access internal networks. I was originally specifying 80 and 443 on the access list, which worked fine, but there were a few internet sites we need access to that use different ports. So, instead of creating more rules, I thought I'd just use IP to deny traffic to our internal networks and allow everything else. But, like I said, with this config the other internal network can't reach inside that vlan.

If I am missing any details, let me know.

Any suggestions?


Timothy Burns
Level 1

For those that may have been wondering, I got this corrected:

route-map 857
match ip address access-list test
set ip next-hop 192.168.8.1

Should be

route-map 857
match ip address test
set ip next-hop 192.168.8.1

The access-list is not needed and caused the issue of the route map trying to find an access-list called access-list.
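The mistake in this thread is easy to miss on a large config: the route-map still parses, but it silently references an ACL that does not exist, so no traffic matches and the policy never applies. The checker below is an added example (not from the poster or from Cisco) that walks a constructed IOS-style config, collects the ACLs that are actually defined, and reports any route-map whose match clause names an ACL that is missing; it assumes the usual "ip access-list" and "route-map" line formats shown in the thread.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the corrected config from the thread, plus a second
# route-map that repeats the original mistake so the checker has something to flag.
SAMPLE_CONFIG = """\
ip access-list extended test
 deny ip host 192.168.72.2 192.168.25.0 0.0.0.255
 permit ip host 192.168.72.2 any
!
interface Vlan10
 ip address 192.168.72.254 255.255.255.0
 ip policy route-map 857
!
route-map 857 permit 10
 match ip address test
 set ip next-hop 192.168.8.1
!
route-map broken permit 10
 match ip address access-list test
 set ip next-hop 192.168.8.1
"""

ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
RMAP_RE = re.compile(r"^route-map (\S+)")
MATCH_RE = re.compile(r"^\s+match ip address (.+)$")


def parse_config(text: str) -> Tuple[Set[str], Dict[str, List[str]]]:
    """Return the set of defined ACL names and {route-map: [ACL names it matches on]}."""
    acls: Set[str] = set()
    refs: Dict[str, List[str]] = {}
    current = None  # route-map currently being read, if any
    for line in text.splitlines():
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
            current = None
        elif m := RMAP_RE.match(line):
            current = m.group(1)
            refs.setdefault(current, [])
        elif current and (m := MATCH_RE.match(line)):
            # As the poster found, every word after 'match ip address' is read as an
            # ACL name, so a stray 'access-list' keyword becomes a lookup for "access-list".
            refs[current].extend(m.group(1).split())
    return acls, refs


def dangling_acl_refs(text: str) -> Dict[str, List[str]]:
    """Route-maps whose match clauses reference an ACL that is never defined."""
    acls, refs = parse_config(text)
    return {rm: [n for n in names if n not in acls]
            for rm, names in refs.items() if any(n not in acls for n in names)}
```

Running `dangling_acl_refs(SAMPLE_CONFIG)` flags only the `broken` route-map for its nonexistent `access-list` ACL; the corrected `857` route-map passes.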
