Policy Based Routing

gizbri · ‎07-07-2009

I want to route a specific host (10.1.0.26) on the inside network out the DMVPN (Interface Tunnel0) instead of using the BGP network. I have created the following commands on the router:

route-map WSUS permit 9

match ip address 150

set interface Tunnel0

access-list 150 permit ip host 10.1.0.26 10.10.0.0 0.0.255.255 - (I want to specify certain networks for this policy , this is the first)

interface FastEthernet0/0

ip policy route-map WSUS

With this config in place the host is still using the BGP network - What am I missing ?

Thanks

Brian

Edison Ortiz · ‎07-07-2009

Brian,

Did you apply a similar route-map at the remote end? If not, the return traffic will use the routing table.

How do you know the host is not traversing the tunnel for destination 10.10.0.0/16?

Did you enable some kind of debugging?

__

Edison.

gizbri · ‎07-07-2009

Edison,

Thanks for the response. At this point I set a static route at the other end for that host -

ip route 10.1.0.26 255.255.255.255 Tunnel0

I haven't run any debugs yet - I added another statement for icmp in access-list 150. The trace routes show the host using the BGP route and using network monitoring software and the interface counters it is definitely using the BGP route to the 10.10 network. Oddly the access list is showing matches against it

Edison Ortiz · ‎07-07-2009

Any other traffic traversing the tunnel?

Can you change the set interface with set ip address of the tunnel interface?

What type of device are you using?

'debug ip policy' will certainly help during a maintenance window.

gizbri · ‎07-08-2009

The tunnel are set up for backup to the BGP network running EIGRP

When I change it to the IP of the tunnel interface nothing routes to 10.10. If i use the 10.10 tunnel interface as the next hp the trace route uses the tunnel but a file transfer doesn't.

gizbri · ‎07-08-2009

3745 and a 2811

Edison Ortiz · ‎07-08-2009

The IP must be from the remote tunnel, not the local tunnel.