Policy routing-should be simple?

Unanswered Question
Jun 14th, 2007

I have a 2821 running 12.4T. I am trying to use OER to utilize the directly connected 2xT1 and an ethernet connected cable modem/router. OER works wonderfully (except it doesn't seem to restart if an interface goes down) but one little wrinkle: The mail server behind the firewall

There is an ASA that sits between our internal net and the 2821. It is translating. We have a static translation for the mail server/OWA server. I need traffic that comes from that box to go out the 2xT1 on the 2821, because if it goes out the cable modem it gets translated again and obviously gets discarded by the requester (Say an OWA user)

So, a simple route map right?

access-list 5 permit host serverIP

route-map mail1 permit 20

match ip address 5

set ip next-hop IPofNexthop

(OR set ip default next-hop, tried it both ways)

Int gig0/0 (interface packets arrive on)

ip policy route-map mail1

IP Policy debug shows:

FIB policy rejected(no match) - normal forwarding

Surely I'm missing something rudimentary?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
anandramapathy Thu, 06/14/2007 - 22:38

Just a basic check -

In Access list 5 -

The IP is the Public IP of the server right ?

luthierone Mon, 06/18/2007 - 09:14

Have you tried a "show access-list 5" to see if you are actually getting matches on that list? If you are you can try doing a "set interface" instead of a "set ip next-hop" in your route map. That's the way I do mine.

mattward6 Mon, 06/18/2007 - 10:24

I've checked that ACL (I'm logging on it) and seen *some* hists, but not nearly as many as there should be. It almost looks like it's matching traffic when that server initiates a connection out but not when it's replying to a connection started from the outside.

I'm going to try an OER map next.

Actions

This Discussion