Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Policy Based Routing on GRE Tunnel Interface

****My previous working Policy Based Routing configuration. When 192.168.1.0/24 and 192.168.2.0/24 passes FastEthernet1 they are rerouted to 10.10.10.1 which the exit interface is FasEthernet0.

!

Interface FastEthernet0

ip address 10.10.10.2 255.255.255.252

!

Interface FastEthernet1

ip address 192.168.3.1 255.255.255.252

ip policy route-map INT-EXIT

!

access-list 100 remark INT-EXIT

access-list 100 permit ip 192.168.1.0 0.0.0.255 any log-input

access-list 100 permit ip 192.168.2.0 0.0.0.255 any log-input

access-list 100 deny ip any any

!

route-map INT-Exit permit 10

match ip address 100

set ip next-hop 10.10.10.1

**** My new NOT working Policy Based Routing configuration. IT seems that 192.168.1.0/24 and 192.168.2.0/24 are not being captured by PBR that I put to Tunnel0 interface as well as FastEthernet1 and therefore they are not rerouted to 10.10.10.1 or FastEthernet0.

!

Interface Tunnel0

ip address 192.168.4.1 255.255.255.252

ip mtu 1500

ip ospf network point-to-point

ip ospf mtu-ignore

ip policy route-map INT-Exit

tunnel source Fastethernet1

tunnel destination 192.168.5.1

!

Interface FastEthernet0

ip address 10.10.10.2 255.255.255.252

ip policy route-map INT-Exit

!

Interface FastEthernet1

ip address 192.168.3.1 255.255.255.252

ip policy route-map INT-EXIT

!

access-list 100 remark INT-EXIT

access-list 100 permit ip 192.168.1.0 0.0.0.255 any log-input

access-list 100 permit ip 192.168.2.0 0.0.0.255 any log-input

access-list 100 deny ip any any

!

route-map INT-Exit permit 10

match ip address 100

set ip next-hop 10.10.10.1

Question: What could be the problem here? is this something to do with GRE Tunnel?

2 REPLIES
Silver

Re: Policy Based Routing on GRE Tunnel Interface

In the configuration, since the access list has a destination address " any", this implies that the policy will have to to bypass the default route. So can you just try giving "set ip default next-hop 10.10.10.1" instead of " set ip next-hop 10.10.10.1 " and see whether it works.

Silver

Re: Policy Based Routing on GRE Tunnel Interface

Try removing the ip policy route-map on the fasthethernet 0 and see what happens.

395
Views
0
Helpful
2
Replies
CreatePlease to create content