Policy Based Routing advice

Rogelio rgamino at gmail.com
Thu Aug 12 19:54:28 UTC 2010

Hmmm... The reason I recommended that is because I think I remember reading somewhere that the "set ip" command does not work on point-to-point interfaces. The outbound interface in your config has a /30 assigned to it so maybe it is seeing it as a p-t-p interface?

Do you have a "less preferred" route via that interface for the destination IPs? If not, I don't think your PBR will work either.

Sent from my iPhone

On Aug 12, 2010, at 3:33 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com> wrote:

> I don't think this will work. Here is the formal description of "set
> interface" from cisco.com:
> This action specifies that the packet is forwarded out of the local
> interface. The interface must be a Layer 3 interface (no switchports), and
> the destination address in the packet must lie within the IP network
> assigned to that interface. If the destination address for the packet does
> not lie within that network, the packet is dropped.
> Since in my case the packets are destined to random addresses on the webz,
> my understanding is that this will effectively be a drop statement for them.
> But, no, I have not tried it.
> On Thu, Aug 12, 2010 at 3:25 PM, Rogelio <rgamino at gmail.com> wrote:
>> Have you tried "set interface" instead of "set ip"?
>> Sent from my iPhone
>> On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com>
>> wrote:
>>> I did try an extended ACL and had the same result.
>>> The way I know that it's not working is that I see these packets arriving on
>>> a wrong interface on the firewall and therefore being dropped.
>>> I actually had to open a CR with Cisco and they verified the config and said
>>> nothing is wrong with it. They are escalating and will hopefully get back to
>>> me about this.
>>> Andrey
>>> Andrey
> -- 
> Andrey Khomyakov
> [khomyakov.andrey at gmail.com]
