I have an L3 4507 which does OSPF over a WAN, but it also does the routing into the Internet.
I have a host on the inside (10.100.1.23/24) which I need to route into the internet over a native IPSEC tunnel on port 22.
All other traffic from this host should go into OSPF not VPN.
I have made a route map on the switch matching an ACL which permits 22 for that host and sets the next-hop as the FW inside interface IP.
Now, with TCP in the ACL, it is not working: all traffic originating from that source is being sent into OSPF over that WAN.
If I modify the ACL and replace TCP with IP, then it works, but all traffic from the host will be sent over the IPSEC tunnel, which I don't want.
I could not really find any valid answer to this, so help is much wanted and appreciated!
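The policy-based routing pieces the question describes, written out as an added example rather than the poster's own configuration; the ACL name, route-map name, ingress SVI and the firewall inside address are assumptions.

```cisco
! Match only SSH from the host to anywhere (TCP destination port 22).
! Everything else from 10.100.1.23 hits the implicit deny, is not
! policy-routed, and follows the normal (OSPF-learned) routing table.
ip access-list extended SSH-TO-VPN
 permit tcp host 10.100.1.23 any eq 22

! Firewall inside interface address is a placeholder; it must be
! directly connected to the switch for "set ip next-hop" to apply.
route-map SSH-VIA-FW permit 10
 match ip address SSH-TO-VPN
 set ip next-hop 10.100.254.1

! PBR only acts on traffic entering the interface it is applied to,
! so it goes on the SVI of the host's VLAN (assumed to be Vlan100).
interface Vlan100
 ip policy route-map SSH-VIA-FW
```

`show ip policy` confirms which interface the route-map is applied to, and `show route-map SSH-VIA-FW` shows the match and set clauses as the switch parsed them.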
Thank you for providing the information that you have. This is an interesting problem but without access to the equipment or other detailed information I do not think that we can do much else to help find a solution.