Cisco Support Community
New Member

local policy configuration for ios version 12.2

I have configured local policy for our router, but it seems to be working only for ICMP. I can ping anywhere, but cannot use SSH. The configuration is:

ip local policy route-map manage

access-list 100 permit ip any

route-map manage permit 10

match ip address 100

set ip next-hop

Could anyone advise what the problem may be?

Any comments will be appreciated.

Thanks in advance


Re: local policy configuration for ios version 12.2

Can you provide more information?

What are you trying to SSH to? From where?

Can you show us the rest of the config of the router?

New Member

Re: local policy configuration for ios version 12.2

nothing else, just

interface GigabitEthernet1/0/1

description test

no switchport

ip address

mls qos trust dscp

line vty 0 4

password xxxx

transport input ssh

I can ssh from subnet, but, if I cannot ssh from So the configuration for ssh does not have any problem.


Re: local policy configuration for ios version 12.2

I'm not sure I understand you completely, but I'll take a shot.

It seems that you have configured some policy routing for traffic originating from the network. All traffic sourced from there will take a next hop of, whatever that host is.

Now, there is an implicit deny at the end of the route map, so all other traffic will not be policy routed, only will be. All other traffic will be routed according to the route table.

So, I'm assuming that the problem is that traffic from is not reaching its intended target, and I'm also assuming that there is no route in the routing table -- or the route is not what you want; hence, the creation of the route map. However, with the implicit deny, all traffic other than will be routed the "normal" way.

I don't know if I have helped you... but good luck.


New Member

Re: local policy configuration for ios version 12.2

First, great thanks for the replies.

I should mention what my purpose in testing this is.

I want to configure an exception, so that when all of my router's routes are dead, I can still access the box from anywhere in my public and private networks.

I have had half success: when there are no routes listed, I can ping from anywhere in my control subnets.

However, I cannot ssh into the box.

I have tried removing "access-list 100 permit ip any" and changing it to "access-list 100 permit ip any any",

but got the same result; that is, I can ping from anywhere in my networks, but cannot ssh into it.

Please advise.
