I have a problem with Policy Based Routing on a Cisco Catalyst 6500 with IOS ipservicesk9-mz.122-33.SXH2a.
I am trying to redirect traffic, and only that traffic, from machines with private IP addresses (10.10.10.0/24) to port TCP/1111
of a server, 195.x.x.1, with a public IP. The principle is: my 10.10.10.0/24 machines emit traffic bound for port
tcp/1111 on 195.x.x.1, and the PBR on the 6500 router intercepts that traffic and sends it to a Linux NAT server (10.10.10.2), which translates it through its second (public) interface towards the destination server (195.x.x.1). The NAT cannot be done on the 6500 and has to be done on a different machine for other reasons. The Policy Based Routing (ip policy route-map) is applied on a VLAN interface; I also experimented with a physical interface, without any more success.
The Linux NAT server is working properly.
Here, the Policy Based Routing (route-map) is not working. Here is the conf:
! Creation of the route-map
route-map TST-PBR permit 10
 ! Filtering machines
 match ip address ACL-TST
 ! Next-hop address for the redirected traffic (NAT server)
 set ip next-hop 10.10.10.2
6500 # show ip access-list ACL-TST
Extended IP access list ACL-TST
10 permit tcp 10.10.10.0 0.0.0.255 host 195.x.x.1 eq 1111
Do you have any idea where this comes from? If you need more information, please feel free to ask me ;-)
Thanks, no traffic is redirected from the 6500 to the NAT server. I enabled logging on my ACL-TST and ran a tcpdump on the 10.10.10.2 interface of my NAT server; no redirected traffic is visible. I feel that this route-map doesn't work. I also have another route-map on the 6500 (route redistribution) that is also not working; do you think the two might be related?
Leave this PBR as it is; it looks fine to me.
Try setting a static ARP entry for your next-hop value (10.10.10.2) on your switch (find out the MAC address of 10.10.10.2 and do it), and see if it works.
Please rate if it helped,
Good idea... I just tried it, but without success. The NAT server does not receive the traffic redirected by the 6500 PBR. I think I have a problem with my route-map, but which one?
A clarification: all the rest of the networks managed by this 6500 router are working properly.
I found a couple of complaints about IOS bugs: CSCsm08087 and CSCsl39710.
Maybe you are hitting those!
See this link: https://supportforums.cisco.com/thread/2048224
Please rate if it helped,
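
The PBR setup described in this thread, written out end to end with the checks that confirm each piece is in place. This is an added example, not configuration posted by any participant. Assumptions: the route-map name is read as TST-PBR, and Vlan10 is a placeholder for the VLAN interface facing the 10.10.10.0/24 machines.

```ios
! Added example. ACL name, prefix, port and next hop come from the thread;
! the route-map name TST-PBR and interface Vlan10 are assumptions.
!
! 1. Classifier: only TCP/1111 from 10.10.10.0/24 to the public server.
ip access-list extended ACL-TST
 permit tcp 10.10.10.0 0.0.0.255 host 195.x.x.1 eq 1111
!
! 2. Policy: matched packets are handed to the Linux NAT server.
!    Packets that do not match ACL-TST are routed normally.
route-map TST-PBR permit 10
 match ip address ACL-TST
 set ip next-hop 10.10.10.2
!
! 3. Attachment: PBR acts only on packets received on the interface
!    that carries the "ip policy" statement, so it must be the
!    ingress interface of the 10.10.10.0/24 clients.
interface Vlan10
 ip policy route-map TST-PBR
!
! 4. Checks from exec mode (shown as comments so the block pastes cleanly):
!
!    6500# show ip policy
!      lists each interface with policy routing and the route-map bound to it
!
!    6500# show route-map TST-PBR
!      shows the match and set clauses and the policy routing match counters
!
!    6500# show ip access-lists ACL-TST
!      shows the ACL entries and their match counts
!
!    6500# show ip arp 10.10.10.2
!      confirms the next hop resolves to a MAC address, the point behind
!      the static ARP suggestion in the thread
```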