Cisco 837 PBR/local policy question

osiristrading123 · ‎08-02-2007

Hi everyone

I have a Cisco 837 which runs two PPPoE sessions via its ATM interface (configured as dialer1 and dialer2). I have the traffic split & NAT configuration set up as I want, but there are some small problems:

1) Pinging the 2nd dialer interface from the outside results in the echo-reply being sent out of dialer1 (default route) and being dropped.

2) Trying to connect via ssh or telnet exhibits the same problem as above - no connection is possible.

Configuration of a local policy route-map resolves the issues above, but there is a catch: I have to specify the current dialer interface IP in an ACL and reference it in the route-map. The ADSL service I'm using provides a dynamic IP, so I have to change the ACL whenever the address changes.

Is there a way to solve the above?

kerek · ‎08-02-2007

Hi,

Do you want to forward all traffic back through the dialer2 receive on that or just that which destined to its public IP?

Krisztian

osiristrading123 · ‎08-02-2007

Just the traffic which is destined to its public IP.

kerek · ‎08-02-2007

Hi,

I think a reverse approach can be used. If you don't know what traffic should be enabled for policy routing try to determine what does not. I mean let's try to use an acl where deny the traffic which is not allowed to be policy routed and permit after any.

Hope it helps, rate if does

Krisztian

osiristrading123 · ‎08-02-2007

Hi Krisztian

I thought about doing it like this - however, the same problem is going to apply to the other interface (dialer1).

I've found a simple solution in the mean time, which seems to be working - I've statically NATted the dialer2 interface to a loopback address, and applied the local policy with an ACL specifying the loopback address.

Thanks your your suggestions.