Policy Route-Map forwarding

guitarmajor
Level 1

Hi,

I have a new Barracuda Spam firewall to deploy. On the border router I configured all incoming SMTP traffic from the T1 circuit to be forwarded to the Barracuda appliance, and from there it is relayed to the Checkpoint Firewall, which is NAT to our internal Exchange 2003 server.

Problem:

1. From the router I can ping Barracuda.

2. On the router I see access-list 180 counter increasing.

3. On the Barracuda I can ping 4.2.2.2.

4. On the Barracuda, I don't see any incoming SMTP traffic at all. I'm not sure what the problem is...?

Please read my attached graph.

Router config:

S0/0 :
 ip policy route-map SMTP_MAP

access-list 180 permit tcp any host 48.123.21.15 eq smtp

route-map SMTP_MAP permit 80
 match ip address 180
 set ip next-hop 48.123.21.16
 set interface FastEthernet0/0


ajagadee
Cisco Employee

Hi,

What chassis is this and what Software Version are you running?

Is it possible for you to remove this statement "set interface FastEthernet0/0" from your route-map and do the testing again?

The reason I am asking to do the testing by removing the above command is, to verify whether the "set interface" is taking precedence over the "set ip next-hop". I hope it makes sense.

Regards,

Arul

* Pls rate if it helps*

tcordier
Level 1

The Fa0/0 interface of your router has a /28 mask which does not include the IP address of the Barracuda (48.123.21.16). If this is a flat network, your router will fail to forward the SMTP traffic to the Barracuda, whilst you still would see the match in the access list. It could be you have a simple connectivity issue due to an addressing problem. I would suggest to test with a /27 mask. The rest of your setup looks fine.
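
The addressing check suggested in the reply above can be automated. The following is an added example, not part of the original thread: it parses an IOS-style config and reports whether each policy-route next hop is a usable host on a connected subnet. The route-map and access list are taken from the post; the Fa0/0 address 48.123.21.1 is an assumption, since the real one appears only in the poster's attachment.

```python
import ipaddress
import re

# Constructed sample: route-map and ACL are from the post; the Fa0/0 address
# is an assumption (the real address is only in the poster's attachment).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 48.123.21.1 255.255.255.240
interface Serial0/0
 ip policy route-map SMTP_MAP
access-list 180 permit tcp any host 48.123.21.15 eq smtp
route-map SMTP_MAP permit 80
 match ip address 180
 set ip next-hop 48.123.21.16
"""

def connected_networks(config):
    """Map interface name -> IPv4Interface for every 'ip address' line."""
    nets, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+) (\S+)", line)) and current:
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return nets

def usable_on(hop, iface):
    """True if hop is inside the subnet and is not its network/broadcast address."""
    net = iface.network
    return hop in net and hop not in (net.network_address, net.broadcast_address)

def check_next_hops(config):
    """Return (route_map, next_hop, interface or None) per 'set ip next-hop'."""
    nets, results, rmap = connected_networks(config), [], None
    for line in config.splitlines():
        if m := re.match(r"route-map (\S+)", line):
            rmap = m.group(1)
        elif m := re.match(r"\s+set ip next-hop (\S+)", line):
            hop = ipaddress.ip_address(m.group(1))
            on_link = next((n for n, i in nets.items() if usable_on(hop, i)), None)
            results.append((rmap, str(hop), on_link))
    return results

if __name__ == "__main__":
    for mask in ("255.255.255.240", "255.255.255.224"):  # /28, then /27
        cfg = SAMPLE_CONFIG.replace("255.255.255.240", mask)
        print(mask, check_next_hops(cfg))
```

A result of `None` in the third field means the ACL can still match while the router has no connected subnet on which to reach the next hop.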
