Cisco Support Community

New Member

Cisco 837 PBR/local policy question

Hi everyone

I have a Cisco 837 which runs two PPPoE sessions via its ATM interface (configured as dialer1 and dialer2). I have the traffic split & NAT configuration set up as I want, but there are some small problems:

1) Pinging the 2nd dialer interface from the outside results in the echo-reply being sent out of dialer1 (default route) and being dropped.

2) Trying to connect via ssh or telnet exhibits the same problem as above - no connection is possible.

Configuration of a local policy route-map resolves the issues above, but there is a catch: I have to specify the current dialer interface IP in an ACL and reference it in the route-map. The ADSL service I'm using provides a dynamic IP, so I have to change the ACL whenever the address changes.

Is there a way to solve the above?

4 REPLIES
Silver

Re: Cisco 837 PBR/local policy question

Hi,

Do you want to forward back through dialer2 all the traffic received on it, or just that which is destined to its public IP?

Krisztian

New Member

Re: Cisco 837 PBR/local policy question

Just the traffic which is destined to its public IP.

Silver

Re: Cisco 837 PBR/local policy question

Hi,

I think a reverse approach can be used. If you don't know what traffic should be enabled for policy routing, try to determine what should not be. I mean, let's try to use an ACL that denies the traffic which is not allowed to be policy routed and then permits any.

Hope it helps, rate if it does

Krisztian

New Member

Re: Cisco 837 PBR/local policy question

Hi Krisztian

I thought about doing it like this - however, the same problem is going to apply to the other interface (dialer1).

I've found a simple solution in the meantime, which seems to be working - I've statically NATted the dialer2 interface to a loopback address, and applied the local policy with an ACL specifying the loopback address.

Thanks for your suggestions.
