Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
4
Replies

pbr issue

kolawole1
Level 1
Level 1

‎06-04-2010 07:52 AM - edited ‎03-04-2019 08:40 AM

Dear All,

I have an issue with PBR.
I have one catalyst 3560 on which i created vlan 100 (server vlan svi 172.31.0.120).
Other vlans are users vlans.

Users need to access the servers in their vlans,but at the same time
active directory servers replications and traceroute need to go through the isa server at address
172.31.0.16.I have setup pbr (see config) AD replication does not work and traceroute go through
the vsat connection.(The switch is connected to an ASA which has a vsat connection).
I need AD replication to work, and traceroute to go through the isa server.
Please find attached the config.

Please Help

Labels:
67413-SWPRI.TXT.zip
0 Helpful
4 Replies 4

gatlin007
Level 4
Level 4

‎06-04-2010 09:02 AM

kolawole1,

Can you give us an example of a source address that isnt being properly routed to the ISA server based on a destination port?

Thanks,

Chris

http://travelingtech.net

0 Helpful

kolawole1
Level 1
Level 1
In response to gatlin007

‎06-04-2010 10:57 AM

Dear Sirs,

For example, a traceroute to yahoo from server with ip address 172.31.0.3 goes through the vsat connection.But when i go to myipaddress.com, i can see  that the connection goes through the ISA server.

Active Directory replications are not being done, since traffic is not going through ISA server.  We have  partners  servers  to which our  AD  servers  replicate.These  partners  say that   replications are not being done because AD replication traffic is not going through ISA server.

I need to make sure AD replication traffic goes through ISA server.

Thanks.

0 Helpful

gatlin007
Level 4
Level 4
In response to kolawole1

‎06-04-2010 12:20 PM

Because the host you want to traverse the ISA server is in the same VLAN as the ISA server you would be better served to make the ISA server the default gateway for hosts that require the functionality you are describing. 


As an alternative you could attempt the topology below.

Option 1
- 3560 default route points to ISA server
- ISA Server default route points to ISA


Option 2
- 3560 default route points to the ASA
- PBR on Server VLAN SVI that selectively sends traffic to ISA server


Chris

http://travelingtech.net

0 Helpful

kolawole1
Level 1
Level 1
In response to gatlin007

‎06-05-2010 02:35 AM

Dear Sir,

Thanks for the  reply.Option 2  is  what  is  being  done  now. But  with  that  option   PBR on Server VLAN SVI does not selectively sends traffic to ISA server.Some times it does but after a few minutes it sends the traffic do the default route pointing to ASA.

For AD replications to work i need traffic for servers to be permanently sent to ISA server.The servers can not have the ISA server as their def gateway because in that case they will no more be accessible to users vlans.


67440-SWPRI.TXT.zip
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card