Cisco Support Community
New Member

next-hop

All traffic goes via RTR-2. I have specific hosts that need to route via RTR-1. I would say, critical applications.

For example, host 192.168.200.1 should route via RTR-1.

I used the route-map commands on Inside-Sw1/2 but it won't work...

access-list 10 permit 192.168.200.1

route-map hosts permit 10

match ip address 10

set ip next-hop 10.10.10.1

I applied this route-map to VLAN 200...

Re: next-hop

you should do PBR on RTR-2...

FYI

set ip next-hop 10.10.10.1

10.10.10.1 must be the address of an adjacent router.

PBR Recursive Next Hop is not supported on L3 switches

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html

Rate a post if it helps

New Member

Re: next-hop

OK, thanks. I'll try...

New Member

Re: next-hop

I entered the commands below on RTR-2. Host 192.168.200.1 is still using the path to RTR-2... the next hop is supposed to be RTR-1, 10.10.1.1.

Any idea?

RTR-2:

interface FastEthernet0/0

ip address 10.10.1.2 255.255.255.0

ip policy route-map test

duplex auto

speed auto

access-list 12 permit 192.168.200.1

route-map test permit 10

match ip address 12

set ip next-hop 10.10.1.1

Re: next-hop

do you have matches in access-list?

sh access-list

New Member

Re: next-hop

#sh access-list

Standard IP access list 12

10 permit 192.168.200.1

Re: next-hop

there are no matches...

maybe the source IP address was changed by the ASA?

New Member

Re: next-hop

I found it and it works now. I remembered that this host, 192.168.200.1, is inside the network and the PBR router is on the outside. Therefore, add a static NAT on the firewall for 192.168.200.1 to public address x.x.x.x.

And on the PBR router, change the following:

access-list 12 permit x.x.x.x

set ip next-hop 10.10.10.1

thanks
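
The failure mode resolved in this thread, modelled as an added example (not code from any poster or from Cisco): the firewall rewrites the source address before the packet reaches the PBR router, so a standard ACL written against the inside address never matches. The address 203.0.113.10 is a constructed stand-in for the thread's x.x.x.x, and the function names and the "routing-table" label are hypothetical.

```python
import ipaddress

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' lines into entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, addr = tok[2], tok[3]
        if addr == "any":
            base, wildcard = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(addr))
            wildcard = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, base, wildcard))
    return entries

def acl_permits(entries, src):
    """First match wins; a standard ACL ends with an implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in entries:
        if (s | wildcard) == (base | wildcard):   # wildcard bits are "don't care"
            return action == "permit"
    return False

def next_hop_on_pbr_router(src, static_nat, acl, policy_next_hop, default_next_hop):
    """Model the path: firewall NAT first, then PBR on the outside router."""
    seen_src = static_nat.get(src, src)       # source as the PBR router sees it
    if acl_permits(acl, seen_src):
        return seen_src, policy_next_hop      # route-map permit clause matched
    return seen_src, default_next_hop         # no match: normal forwarding

# Constructed sample data (assumptions, see lead-in).
NAT = {"192.168.200.1": "203.0.113.10"}
ACL_INSIDE = parse_standard_acl(["access-list 12 permit 192.168.200.1"])
ACL_TRANSLATED = parse_standard_acl(["access-list 12 permit 203.0.113.10"])

if __name__ == "__main__":
    for name, acl in (("ACL on inside address", ACL_INSIDE),
                      ("ACL on translated address", ACL_TRANSLATED)):
        print(name, next_hop_on_pbr_router(
            "192.168.200.1", NAT, acl, "10.10.1.1", "routing-table"))
```

A zero match counter in `sh access-list`, as seen earlier in the thread, is the observable symptom of the first case.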
