I have an issue with PBR. I have one Catalyst 3560 on which I created VLAN 100 (server VLAN, SVI 172.31.0.120). Other VLANs are user VLANs.
Users need to access the servers in their VLANs, but at the same time Active Directory server replications and traceroute need to go through the ISA server at address 172.31.0.16. I have set up PBR (see config). AD replication does not work and traceroute goes through the VSAT connection. (The switch is connected to an ASA which has a VSAT connection.) I need AD replication to work, and traceroute to go through the ISA server. Please find attached the config.
For example, a traceroute to yahoo from the server with IP address 172.31.0.3 goes through the VSAT connection. But when I go to myipaddress.com, I can see that the connection goes through the ISA server.
Active Directory replications are not being done, since traffic is not going through the ISA server. We have partners' servers to which our AD servers replicate. These partners say that replications are not being done because AD replication traffic is not going through the ISA server.
I need to make sure AD replication traffic goes through ISA server.
Because the host you want to traverse the ISA server is in the same VLAN as the ISA server, you would be better served to make the ISA server the default gateway for hosts that require the functionality you are describing.
As an alternative you could attempt the topology below.
Option 1 - 3560 default route points to ISA server - ISA Server default route points to ISA
Option 2 - 3560 default route points to the ASA - PBR on Server VLAN SVI that selectively sends traffic to ISA server
Thanks for the reply. Option 2 is what is being done now. But with that option, PBR on the Server VLAN SVI does not selectively send traffic to the ISA server. Sometimes it does, but after a few minutes it sends the traffic to the default route pointing to the ASA.
For AD replications to work I need traffic for servers to be permanently sent to the ISA server. The servers cannot have the ISA server as their default gateway because in that case they will no longer be accessible to user VLANs.