Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
4
Replies

Route-Map

deepa.muralidharan
Level 1
Level 1

‎01-20-2009 12:29 AM - edited ‎03-06-2019 03:32 AM

I have created a Route-map as shown below:

access-list 119 permit ip host 10.130.100.27 host 10.5.118.150

access-list 119 permit ip host 10.130.100.27 host 10.5.118.151

access-list 119 permit ip host 10.130.100.28 host 10.5.118.150

access-list 119 permit ip host 10.130.100.28 host 10.5.118.151

!

!

route-map VPN permit 10

match ip address 119

set ip next-hop 10.130.2.7

!

!

interface Vlan100

description ***Data Server VLAN***

ip address 10.130.100.2 255.255.255.0

no ip redirects

ip policy route-map VPN

standby 1 ip 10.130.100.1

standby 1 priority 120

standby 1 preempt

!

Here the route-map is created to point all the traffic between the specified Source & Destination hits - 10.130.2.7. This is a VPN interface.

The route's at VPN end are intact. At the destination, I have a similar route cretaed & pointing to the VPN at the Far-end.

This was working completely fine & all of a sudden, now we witness that the route-map is not working & that the traffic between the host mentioned are not traversing the VPN.

What could be the problem? We have not made any changes in the configuration / environment.

Howver, we have some of other systems configured under access-list 119 which are traversing the VPN wothout any issues (i.e, route-map is working).

Please assist!

Labels:
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-20-2009 01:40 AM

Hello Deepa,

>> Howver, we have some of other systems configured under access-list 119 which are traversing the VPN wothout any issues (i.e, route-map is working).

Verify if the misbeahiving host's default gateway has been changed:

if so it is sending packets to another router where the PBR is not applied

have someone do

ipconfig /all

route print

on the misbeahving host the router cannot do PBR if packets are not sent to it.

Hope to help

Giuseppe

0 Helpful

Kerem Gursu
Level 1
Level 1

‎01-20-2009 03:52 AM

have you also checked the hsrp state between the active / standby routers?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Kerem Gursu

‎01-20-2009 04:21 AM

Deepa

It might be helpful if we saw the entire access list 119. If some other devices are working with the route map then obviously there are other entries in the access list. Perhaps there is some order sensitivity in the access list?

It might also be helpful to do a tracert (or traceroute depending on what type of device it is) and see what is the next hop. Is it really the router with the route map configured?

It might also help if we knew what happens with traffic from those sources to those destinations. Does it get forwarded using regular routing logic or does that traffic get dropped? Especially if the traffic is dropped I would look carefully at the possibility that the route map is working and that there is some change or some problem with the VPN.

HTH

Rick

HTH

Rick
0 Helpful

deepa.muralidharan
Level 1
Level 1
In response to Richard Burts

‎01-20-2009 07:33 PM

Any traffic from 10.5.118.150 to 10.130.100.27 is getting routed as expected, ie, route-map is working & the traffic is getting routed via VPN. But the vice versa is not working. Any traffic from 10.130.100.27 is getting routed over our MPLS link rather than the VPN - route-map is not working

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card