Hi Alain,

Thanks for your reply.

Here are the design and the configuration

Hi,

can you make a pdf for topology because I can't open visio files.

What does sh standby 46 outputs?

Regards.

Alain

Don't forget to rate helpful posts.

I changed the attachment.

Hi,

ok I saw it. You want the communication between the 2 hosts to take the path you drawed  going to the firewall which is the next-hop you set ?

But the Pc on the left is in Vlan 13 not vlan 46 so you got to apply the policy under vlan 13 interface.

Regards.

Alain

Don't forget to rate helpful posts.

On 6500 chassis, I also have a policy on vlan 13 to configure the next hop on the vlan 46. This configuration works.

On the 3750 switches, I have a policy on vlan 46 to have a next hop on vlan 48 which is the firewall : my packet never match the policy....

I think that there are 2 behaviours because of the hardware itself?

No,

it's just that this traffic leaves vlan 46 so it is egress never ingress and PBR is only for ingress traffic.

If the 6500 supports you should modify your policy to set the next-hop to the firewall IP using the recursive keyword.

Regards.

Alain

Don't forget to rate helpful posts.

Did you changte the sdm template to routing on the C3750 ?

sdm prefer routing

reload

I think this is required for PBR to work,

GN

Yes, I changed the SDM template.

Hi Dominique,

just to be clearer the 6500 on its PBR sets as next hop an address in vlan 46, I suppose it sets the HRSP address 192.168.46.254. Can you confirm? If not please clarify.

The PBR on the 3750 sets as next hop IP 192.168.48.251. What is it? Is it the FW I guess, right?

What is the original destination of the traffic coming from vlan 13 (source and destination IP addresses please)?

Can you print the output of a ping from a host in vlan 13?

Riccardo