Hi,

Can't seem to understand this behaviour and Im kind ot leaning towards thinking that it is a bug , or perhaps Im missing something.. any insite greatly appretiated.

I have PRB setup to send ftp only traffic through a different gateway/PIX firewall for few specific local hosts. This is configured in a 6509 MSFC2 router

with c6msfc2-psv-mz.121-11b.E.bin code.




Route-map ftp_only_viaPIX3 permit 30

Description FTP outbound Via PIX3

match ip address 101

set ip next-hop 10.10.0.1

set ip default next-hop 192.168.2.4




interface VlanXX

ip policy route-map ftp_only_viaPIX3







access-list 101 permit tcp host 10.168.100.40 any eq ftp

access-list 101 permit tcp host 10.168.100.40 any eq ftp-data

access-list 101 permit tcp host 10.168.100.38 any eq ftp

access-list 101 permit tcp host 10.168.100.38 any eq ftp-data

the ftp traffic works fine going PIX3 gateway, and rest of traffic www and others go through regular default route.

when I place the keyword log at the end of each access list 101 line the pbr for ftp no longer works, if I remove the (log) word the prb works so I have to leave it as such without the log, but.. when I do show access-list 101 no hit count is seen against any of the acl statements at all, the ftp is confirmed is going through right gateway because the ftp server at other end sees the public PAT address for these hosts.

could this be a bug?

Regards