09-16-2008 10:39 PM - edited 03-03-2019 11:34 PM
I am trying to implement PBR on my network. Basically we have 2 LANs and 2 ISPs. Business requirements are that traffic from LAN1 would go to ISP1 and traffic from LAN2 go to ISP2. I implemented two route maps that match traffic from either LAN and set IP addresses of the appropriate ISP as next hop router. I also have two default routes to each ISP. The problem is that LAN1 has Internet access and LAN2 does not. Traceroute shows that traffic stops at the router; when I do show route-map the counter that shows matching packets and bytes increments for both route-maps.
Example:
! LAN1/LAN2/ISP1/ISP2 are placeholders for the real prefixes and next-hop addresses
access-list 101 deny ip LAN1 LAN2
access-list 101 permit ip LAN1 any
access-list 102 deny ip LAN2 LAN1
access-list 102 permit ip LAN2 any
route-map LAN1_internet permit 10
match ip address 101
set ip next-hop ISP1
route-map LAN2_internet permit 10
match ip address 102
set ip next-hop ISP2
! the route-maps only take effect once applied to the LAN-facing ingress interfaces
interface <LAN1-interface>
ip policy route-map LAN1_internet
interface <LAN2-interface>
ip policy route-map LAN2_internet
ip route 0.0.0.0 0.0.0.0 ISP1
ip route 0.0.0.0 0.0.0.0 ISP2
What am I missing to get it to work? Do I need the static routes, or am I better off getting rid of them?
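The post above relies on two behaviours that are easy to misread: an ACL deny inside a route-map means "do not policy-route this packet, fall through to the routing table", not "drop it", and a packet that is correctly policy-routed towards an ISP still needs a matching NAT inside-source entry to get a usable return path. The following emulation is an added example, not code from the thread or from Cisco; the addresses, the interface names Gi0/1 and Gi0/2, and the NAT ACLs are constructed placeholders.

```python
"""Emulation of Cisco-style PBR evaluation (added example, constructed values).

Shows: sequential ACL matching inside a route-map, fall-through to the
routing table on ACL deny, and the effect of a NAT inside-source ACL that
does (or does not) cover the second LAN.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing (documentation ranges), not from the thread.
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
ISP1_NEXT_HOP = "203.0.113.1"
ISP2_NEXT_HOP = "198.51.100.1"


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def acl_lookup(acl: List[Ace], src, dst) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if src in ace.src and dst in ace.dst:
            return ace.action
    return "deny"


@dataclass
class RouteMap:
    name: str
    acl: List[Ace]
    next_hop: str


# The post's access-list 101/102 and route-maps, in emulated form.
ACL_101 = [Ace("deny", LAN1, LAN2), Ace("permit", LAN1, ANY)]
ACL_102 = [Ace("deny", LAN2, LAN1), Ace("permit", LAN2, ANY)]
RM_LAN1 = RouteMap("LAN1_internet", ACL_101, ISP1_NEXT_HOP)
RM_LAN2 = RouteMap("LAN2_internet", ACL_102, ISP2_NEXT_HOP)

# 'ip policy route-map' is applied per ingress interface (constructed names).
INTERFACE_POLICY = {"Gi0/1": RM_LAN1, "Gi0/2": RM_LAN2}

# Routing table: (prefix, next-hop or "connected:<iface>"). One default is
# modelled; with PBR steering the LANs, it only catches traffic no route-map permits.
RIB = [
    (LAN1, "connected:Gi0/1"),
    (LAN2, "connected:Gi0/2"),
    (ANY, ISP1_NEXT_HOP),
]

# 'ip nat inside source list' candidates: the broken one forgets LAN2.
NAT_INSIDE_ACL_BROKEN = [Ace("permit", LAN1, ANY)]
NAT_INSIDE_ACL_FIXED = [Ace("permit", LAN1, ANY), Ace("permit", LAN2, ANY)]


def rib_lookup(dst) -> Optional[str]:
    """Longest-prefix match over the routing table."""
    best = None
    for prefix, nh in RIB:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, nh)
    return best[1] if best else None


def forward(ingress: str, src_ip: str, dst_ip: str,
            nat_acl: List[Ace]) -> Tuple[Optional[str], str, bool]:
    """Return (next_hop, decided_by, translated) for one packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    rm = INTERFACE_POLICY.get(ingress)
    # PBR is consulted before the RIB, but only an ACL *permit* fires the set clause.
    if rm is not None and acl_lookup(rm.acl, src, dst) == "permit":
        next_hop, decided_by = rm.next_hop, f"pbr:{rm.name}"
    else:
        next_hop, decided_by = rib_lookup(dst), "rib"
    # Traffic leaving towards an ISP needs a translation entry to get replies back.
    leaving_to_isp = next_hop in (ISP1_NEXT_HOP, ISP2_NEXT_HOP)
    translated = (not leaving_to_isp) or acl_lookup(nat_acl, src, dst) == "permit"
    return next_hop, decided_by, translated


if __name__ == "__main__":
    # 192.0.2.50 is a constructed "Internet host" (TEST-NET-1).
    for pkt in [("Gi0/1", "192.168.1.10", "192.0.2.50"),
                ("Gi0/2", "192.168.2.10", "192.0.2.50"),
                ("Gi0/1", "192.168.1.10", "192.168.2.10")]:
        print(pkt, forward(*pkt, NAT_INSIDE_ACL_BROKEN))
```

Running it with NAT_INSIDE_ACL_BROKEN reproduces the symptom in the thread: LAN2 traffic is policy-routed to ISP2 exactly as the route-map counters suggest, yet it is marked untranslated, so nothing comes back. The LAN1-to-LAN2 packet is denied by access-list 101, which simply sends it to the connected route rather than dropping it.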
09-16-2008 11:01 PM
Hi,
1. Is it contradicting that
"business requirement that traffic from LAN2 go to ISP2"
and
"The problem is that LAN1 has Internet access and LAN2 does not."
2. Don't use a default route here; you need to use BGP, otherwise how will you apply the route maps?
3. Also, you don't have to deny traffic from LAN 1 to LAN 2.
Assuming you have 2 routers, dual homed to different service providers:
------------------------------------------
access-list 10 permit LAN1
route-map LAN1-OUTGOING permit 10
match ip address 10
set ip next-hop ISP1
------------------------------------------
access-list 20 permit LAN2
route-map LAN2-OUTGOING permit 10
match ip address 20
set ip next-hop ISP2
------------------------------------------
apply route map in BGP
neighbor ISP1 route-map LAN1-OUTGOING out
neighbor ISP2 route-map LAN2-OUTGOING out
--------------------------------------------
4. Also apply incoming policy
5. Run iBGP between your internal routers.
HTH...rate if helpful...
09-17-2008 07:01 AM
There is one router. LAN2 cannot get on the Internet using either ISP; also ISP2 is what I need. I did the same thing as you described. I guess I have to remove default routes. Any other thoughts? Also, if this may help: I can ping from LAN2 to ISP2.
09-17-2008 11:26 AM
Yakob
I wonder if the problem is not something different from a problem with PBR. Is it possible that the traffic going from LAN2 to ISP2 is not being translated when it should be (or is not being translated correctly)?
Perhaps a more comprehensive posting of the config (especially both input interfaces and both output interfaces, and any translations) would help us to identify the problem.
HTH
Rick
09-19-2008 08:09 PM
Thanks everybody for your help. I got it working. Removed default routes and ensured that NAT is in place.
09-20-2008 10:27 AM
Yakob
I am glad that my suggestion that it was perhaps not a problem with PBR pointed you in the right direction for solving your problem. Thank you for posting back to the thread and indicating that you had solved the problem and how you solved it. It makes the forum more useful when people can read a problem and can know what solution resolved the problem.
HTH
Rick