
next-hop

Gerard Gacusan
Level 1

All traffic is via RTR-2. I have specific hosts that need to route via RTR-1. I would say, critical applications.

For example, host 192.168.200.1 should route via RTR-1.

I used the route-map command on Inside-Sw1/2 but it won't work...

access-list 10 permit 192.168.200.1

route-map hosts permit 10

match ip address 10

set ip next-hop 10.10.10.1

I applied this route-map to VLAN 200 ...


a.alekseev
Level 7

you should do PBR on RTR-2...

FYI

set ip next-hop 10.10.10.1

10.10.10.1 must be the address of an adjacent router.

PBR Recursive Next Hop is not supported on L3 switches

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html

Rate a post if it helps

OK, thanks. I'll try ...

I applied the commands below on RTR-2. Host 192.168.200.1 is still using the path to RTR-2... the next hop is supposed to be RTR-1, 10.10.1.1.

Any idea?

RTR-2:

interface FastEthernet0/0

ip address 10.10.1.2 255.255.255.0

ip policy route-map test

duplex auto

speed auto

access-list 12 permit 192.168.200.1

route-map test permit 10

match ip address 12

set ip next-hop 10.10.1.1

Do you have matches in the access list?

sh access-list

#sh access-list

Standard IP access list 12

10 permit 192.168.200.1

There are no matches...

Maybe the source IP address was changed by the ASA?

I found it and it works now. I remember, this host 192.168.200.1 is inside the network and the PBR router is on the outside. Therefore, add static NAT on the firewall for 192.168.200.1 to public address x.x.x.x.

And on the PBR router, change the following:

access-list 12 permit x.x.x.x

set ip next-hop 10.10.10.1

thanks
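
An added example, not part of the original thread: a small Python audit of the adjacency requirement stated earlier in the thread, which flags any `set ip next-hop` in an applied route-map that is not on a subnet directly connected to the router. It treats "adjacent" as "on a connected subnet"; the sample config is constructed from the RTR-2 snippet, and the second interface and the `remote` route-map are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the RTR-2 snippet in the thread; the second
# interface and the "remote" route-map are hypothetical, added as a failing case.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.1.2 255.255.255.0
 ip policy route-map test
interface FastEthernet0/1
 ip address 172.16.0.1 255.255.255.252
 ip policy route-map remote
access-list 12 permit 192.168.200.1
route-map test permit 10
 match ip address 12
 set ip next-hop 10.10.1.1
route-map remote permit 10
 match ip address 12
 set ip next-hop 10.10.10.1
"""

def audit_pbr(config):
    """Return {route-map: [(next_hop, on_connected_subnet)]} for applied route-maps."""
    connected, applied, next_hops = [], set(), {}
    current_map = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip address (\S+) (\S+)$", line):
            # Interface address plus mask gives the directly connected subnet.
            connected.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"ip policy route-map (\S+)$", line):
            applied.add(m[1])
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            current_map = m[1]
        elif (m := re.match(r"set ip next-hop (\S+)$", line)) and current_map:
            next_hops.setdefault(current_map, []).append(ipaddress.ip_address(m[1]))
    # Only route-maps actually bound to an interface are reported.
    return {
        name: [(str(hop), any(hop in net for net in connected)) for hop in hops]
        for name, hops in next_hops.items() if name in applied
    }

if __name__ == "__main__":
    for name, results in audit_pbr(SAMPLE_CONFIG).items():
        for hop, adjacent in results:
            status = "adjacent" if adjacent else "NOT on a connected subnet"
            print(f"route-map {name}: next-hop {hop} is {status}")
```

This check does not cover the other cause found in the thread: an ACL that never matches because the firewall translates the source address before the packet reaches the PBR router.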
