pbr issue

Unanswered Question
Jun 4th, 2010

Dear All,

I have an issue with PBR.
I have one Catalyst 3560 on which I created VLAN 100 (server VLAN SVI
Other VLANs are users' VLANs.

Users need to access the servers in their VLANs, but at the same time
Active Directory server replications and traceroute need to go through the ISA server at address have setup pbr (see config) AD replication does not work and traceroute goes through
the VSAT connection. (The switch is connected to an ASA which has a VSAT connection.)
I need AD replication to work, and traceroute to go through the isa server.
Please find attached the config.

Please Help

kolawole1 Fri, 06/04/2010 - 10:57

Dear Sirs,

For example, a traceroute to Yahoo from server with IP address goes through the VSAT connection. But when I go to myipaddress.com, I can see that the connection goes through the ISA server.

Active Directory replications are not being done, since traffic is not going through the ISA server. We have partners' servers to which our AD servers replicate. These partners say that replications are not being done because AD replication traffic is not going through the ISA server.

I need to make sure AD replication traffic goes through ISA server.


gatlin007 Fri, 06/04/2010 - 12:20

Because the host you want to traverse the ISA server is in the same VLAN as the ISA server you would be better served to make the ISA server the default gateway for hosts that require the functionality you are describing. 

As an alternative you could attempt the topology below.


Option 1
- 3560 default route points to ISA server
- ISA Server default route points to ISA

Option 2
- 3560 default route points to the ASA
- PBR on Server VLAN SVI that selectively sends traffic to ISA server



kolawole1 Sat, 06/05/2010 - 02:35

Dear Sir,

Thanks for the reply. Option 2 is what is being done now. But with that option, PBR on the Server VLAN SVI does not selectively send traffic to the ISA server. Sometimes it does, but after a few minutes it sends the traffic to the default route pointing to the ASA.

For AD replications to work I need traffic for servers to be permanently sent to the ISA server. The servers cannot have the ISA server as their def gateway because in that case they will no longer be accessible to the users' VLANs.


