Policy Based Routing

Unanswered Question
Jul 7th, 2009

I want to route a specific host ( on the inside network out the DMVPN (Interface Tunnel0) instead of using the BGP network. I have created the following commands on the router:

route-map WSUS permit 9

match ip address 150

set interface Tunnel0

access-list 150 permit ip host - (I want to specify certain networks for this policy , this is the first)

interface FastEthernet0/0

ip policy route-map WSUS

With this config in place the host is still using the BGP network - What am I missing ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Tue, 07/07/2009 - 10:28


Did you apply a similar route-map at the remote end? If not, the return traffic will use the routing table.

How do you know the host is not traversing the tunnel for destination

Did you enable some kind of debugging?



gizbri Tue, 07/07/2009 - 10:54


Thanks for the response. At this point I set a static route at the other end for that host -

ip route Tunnel0

I haven't run any debugs yet - I added another statement for icmp in access-list 150. The trace routes show the host using the BGP route and using network monitoring software and the interface counters it is definitely using the BGP route to the 10.10 network. Oddly the access list is showing matches against it

Edison Ortiz Tue, 07/07/2009 - 11:13

Any other traffic traversing the tunnel?

Can you change the set interface with set ip address of the tunnel interface?

What type of device are you using?

'debug ip policy' will certainly help during a maintenance window.

gizbri Wed, 07/08/2009 - 05:32

The tunnel are set up for backup to the BGP network running EIGRP

When I change it to the IP of the tunnel interface nothing routes to 10.10. If i use the 10.10 tunnel interface as the next hp the trace route uses the tunnel but a file transfer doesn't.


This Discussion