New Member

ip policy

Hello

I have a router R1 connected to the internet via S1 and to a remote site via S0 (both LL).

So as static routes I have:

ip route 0.0.0.0 0.0.0.0 s1
ip route 192.168.2.0 255.255.255.0 s0

I configured R1 to direct traffic coming from a remote IP user to a specific host (firewall on the LAN). I used a route-map with an access list, so:

access-list 10 permit 192.168.2.1 0.0.0.0
!
route-map test permit
 match ip address 10
 set ip next-hop 172.16.87.254
!
int s0
 ip policy route-map test
!

I think there is an implicit deny, but when I use another remote IP address I can usually go to the internet without passing by the firewall. The debug ip policy says the packet does not match the map, so it uses the default route. I thought R1 must discard the packet because of the implicit deny. Is it normal?

Sincerely

Please reply to chikh@imel.org

2 REPLIES
Gold

Re: ip policy

Falling through a route map doesn't mean the packet is dropped--it means it is routed based on the routing table, rather than policy routed. Thus, what you need to do is to either filter the packet with an access list, or create a second route map entry matching everything and setting the next hop interface to null0, or something along those lines....

Russ
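
The forwarding decision described in the reply above, modelled in Python as an added example (not part of the thread and not Cisco code). The destination 203.0.113.10 and the second remote user 192.168.2.5 are constructed sample values, and the catch-all entry is one assumed way to realise the Null0 suggestion.

```python
import ipaddress

def acl_permits(src, acl):
    """Standard ACL as (address, wildcard) pairs; no match means implicit deny."""
    s = int(ipaddress.ip_address(src))
    for addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.ip_address(addr)) & care):
            return True
    return False

def forward(src, dst, route_map, routes):
    """Return (decision, target) for a packet arriving on the policy-routed interface."""
    for acl, action in route_map:
        # An entry with no match clause (acl is None) matches every packet.
        if acl is None or acl_permits(src, acl):
            return ("policy", action)
    # Fell through the route map: the packet is NOT dropped, it is routed
    # by destination using the longest matching prefix in the routing table.
    d = ipaddress.ip_address(dst)
    best = max((r for r in routes if d in ipaddress.ip_network(r[0])),
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)
    return ("routing-table", best[1]) if best else ("drop", "no route")

# Static routes and ACL 10 taken from the original post.
ROUTES = [("0.0.0.0/0", "Serial1"), ("192.168.2.0/24", "Serial0")]
ACL_10 = [("192.168.2.1", "0.0.0.0")]

# Route map as posted: a single entry.
ORIGINAL = [(ACL_10, "next-hop 172.16.87.254")]
# Assumed fix: a second entry with no match clause that sends the rest to Null0.
WITH_CATCH_ALL = ORIGINAL + [(None, "interface Null0")]

if __name__ == "__main__":
    DST = "203.0.113.10"  # constructed internet destination
    for name, rmap in (("original", ORIGINAL), ("catch-all", WITH_CATCH_ALL)):
        for src in ("192.168.2.1", "192.168.2.5"):  # .5 is a constructed user
            print(name, src, forward(src, DST, rmap, ROUTES))
```

With the posted route map, only 192.168.2.1 reaches the firewall; every other source on S0 bypasses it through the default route until a catch-all entry or an inbound access list is added.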

New Member

Re: ip policy

I see, thanks for your explanation.
