I have a route-map set up which redirects all port 80 traffic from 10.250.48.0/24 hosts to a web page which is routed on another router.
The route-map is placed on the VLAN interface for the 10.250.48.0 VLAN, and sets the next-hop as the IP address of the second router, where the redirect web page is routed.
The next-hop on that router for this traffic is the IP address of the redirect web page.
This works fine UNTIL I apply an extended ACL on the VLAN interface for the 10.250.48.0 subnet. The ACL restricts access to certain networks and hosts, but it does explicitly allow all port 80 traffic.
As soon as I apply the ACL to the 10.250.48.0 VLAN, the redirect fails to work. Removing the ACL restores the redirect feature.
A route map is used in Policy Based Routing to examine traffic and to make a routing decision that effectively overrides the normal routing logic. Most of the time the route map makes use of an access list as the mechanism to identify the traffic. In this case any traffic permitted by the access list is policy-based routed, and any traffic not permitted in the access list is not policy-based routed and uses the normal routing logic.
If your PBR stops working when you apply the access list, then I would guess that there is a flaw in the access list and that it is not permitting the correct traffic. If you provide more details about your environment and the details of your PBR and the access list, then perhaps we can make a suggestion about how to fix it.
Thank you for the additional information which does help to clarify the issue. Seeing this and re-reading your original post I realize that I did not understand correctly your question and my answer was about something different from what you were really asking. I am sorry about that.
Having seen the access list and the config I now understand what you were really asking, and I believe that I have a better answer to your question. I believe that this is the line in question:
permit tcp any any eq www
To get to the problem, let us remember that when the client sends a request to the server, port 80 is the destination port, and that when the server sends a response to the client, port 80 becomes the source port. And since the access list is applied out on the VLAN interface, it is permitting responses (rather than requests). So it needs to permit 80 as the source port and not as the destination port (which is what you have). I believe that if you change it to this you will find that it works:
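The source-port/destination-port mismatch described in this answer, as an added example that is not part of the thread: a small Python evaluator of IOS-style extended access-list entries (first match wins, implicit deny at the end) run against a constructed client request and the server's reply. The redirect-server address 192.0.2.10, the client's ephemeral port 51000 and the PBR match list are assumptions; the only entry taken from the page is `permit tcp any any eq www`.

```python
"""Stateless ACL evaluation showing why an outbound ACL must match the reply.

Added example, not code from the thread. It models IOS extended-ACE syntax
only as far as needed: 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' addresses
and an optional 'eq <port>' after each address. The redirect server
192.0.2.10, the client port 51000 and PBR_ACL are assumed values.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

PORT_NAMES = {"www": 80, "http": 80, "https": 443}  # names this toy parser knows


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip"
    src: str               # "any", "host A.B.C.D" or "A.B.C.D WILDCARD"
    sport: Optional[int]   # 'eq' qualifier that followed the source address
    dst: str
    dport: Optional[int]   # 'eq' qualifier that followed the destination address


def _take_addr(tokens: list) -> str:
    """Consume one address spec from the front of the token list."""
    t = tokens.pop(0)
    if t == "any":
        return "any"
    if t == "host":
        return "host " + tokens.pop(0)
    return t + " " + tokens.pop(0)  # network followed by its wildcard mask


def _take_port(tokens: list) -> Optional[int]:
    """Consume an optional 'eq <port>' qualifier; only 'eq' is modelled."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        p = tokens.pop(0)
        return PORT_NAMES[p] if p in PORT_NAMES else int(p)
    return None


def parse_ace(line: str) -> Ace:
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src = _take_addr(rest)
    sport = _take_port(rest)   # a port right after the SOURCE is a source port
    dst = _take_addr(rest)
    dport = _take_port(rest)   # a port right after the DESTINATION is a destination port
    return Ace(action, proto, src, sport, dst, dport)


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ip_address(addr) == ip_address(spec.split()[1])
    net, wildcard = spec.split()
    mask = 0xFFFFFFFF ^ int(ip_address(wildcard))   # wildcard 1-bits are don't-care
    return (int(ip_address(addr)) & mask) == (int(ip_address(net)) & mask)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto not in ("ip", pkt.proto):
        return False
    if not (_addr_match(ace.src, pkt.src) and _addr_match(ace.dst, pkt.dst)):
        return False
    if ace.sport is not None and ace.sport != pkt.sport:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


# Constructed traffic: a host on the poster's VLAN fetches the redirect page.
CLIENT, SERVER = "10.250.48.10", "192.0.2.10"           # server address assumed
REQUEST = Packet(src=CLIENT, sport=51000, dst=SERVER, dport=80)
RESPONSE = Packet(src=SERVER, sport=80, dst=CLIENT, dport=51000)

PBR_ACL = ["permit tcp 10.250.48.0 0.0.0.255 any eq www"]  # assumed route-map match list
ACL_AS_POSTED = ["permit tcp any any eq www"]              # port 80 as destination
ACL_FIXED = ["permit tcp any eq www any"]                  # port 80 as source


def verdicts() -> dict:
    """What each list does to the request (inbound, where PBR sees it) and the reply (outbound)."""
    return {
        "pbr_selects_request": evaluate(PBR_ACL, REQUEST),
        "as_posted_request": evaluate(ACL_AS_POSTED, REQUEST),
        "as_posted_response": evaluate(ACL_AS_POSTED, RESPONSE),
        "fixed_response": evaluate(ACL_FIXED, RESPONSE),
    }


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:22s} -> {verdict}")
```

The posted entry permits the request, which never traverses the outbound ACL, and lets the reply fall through to the implicit deny; swapping the qualifier to the source side permits the reply. The same check applies to any ACL placed in the return direction of a flow.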
Thanks for posting back to the thread and indicating that the problem was solved. I am glad that I was able to help you find the solution. Hindsight does tend to make things look simple when they were not nearly so obvious when it was an active issue. And the source port/destination port issue is an easy one to overlook.