Hi,
I am trying to get PBR to work and be scalable.
I have this situation (example):
I want to policy route packets with a source of 192.168.1.0/24 and a destination of 172.16.8.0/24 to 10.10.1.1,
so I can do this:
access-list 199 permit ip 192.168.1.0 0.0.0.255 172.16.8.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 199
 set ip next-hop 10.10.1.1
and this works.
But I would like to set up a way so I don't have tons of these kinds of access lists. What I'd like to be able to do is to specify one access list for the source and another for the destination. The docs say that I should be able to put multiple match statements in and they work as an AND and both must be true for the match to occur. However, when I do this, the first match occurs and the route map uses the set command whether or not the 2nd match is there.
So:
access-list 190 permit ip 192.168.1.0 0.0.0.255 any
access-list 191 permit ip any 172.16.8.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 190
 match ip address 191
 set ip next-hop 10.10.1.1
This matches everything with a source of 192.168.1.0/24 regardless of the destination.
Does anyone understand what I am doing wrong?
Thanks.
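Added example, not part of the original post: a small Python model of one route-map entry, showing why the two-ACL form matches more traffic than ACL 199. It relies on the IOS behaviour that several ACLs given under `match ip address` in the same entry are alternatives (any one may match), while AND applies only between different match types; the function names are hypothetical and the test packets are constructed.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# ACLs from the post, each entry a (source, destination) pair of (base, wildcard).
ACLS = {
    199: [(("192.168.1.0", "0.0.0.255"), ("172.16.8.0", "0.0.0.255"))],
    190: [(("192.168.1.0", "0.0.0.255"), ANY)],
    191: [(ANY, ("172.16.8.0", "0.0.0.255"))],
}

def acl_permits(acl_id, src, dst):
    """True if any permit entry of the ACL matches both source and destination."""
    return any(wild_match(src, *s) and wild_match(dst, *d)
               for s, d in ACLS[acl_id])

def route_map_next_hop(match_acls, src, dst, next_hop="10.10.1.1"):
    """Model of one route-map entry: listed ACLs are ORed together."""
    if any(acl_permits(acl, src, dst) for acl in match_acls):
        return next_hop
    return None  # not policy routed; normal routing applies

if __name__ == "__main__":
    # Constructed packets: (source, destination)
    packets = [
        ("192.168.1.5", "172.16.8.9"),  # intended traffic
        ("192.168.1.5", "8.8.8.8"),     # right source, wrong destination
        ("10.0.0.1", "172.16.8.9"),     # wrong source, right destination
        ("10.0.0.1", "8.8.8.8"),        # unrelated traffic
    ]
    for src, dst in packets:
        print(f"{src:>12} -> {dst:<11} "
              f"acl 199: {route_map_next_hop([199], src, dst)}  "
              f"acl 190+191: {route_map_next_hop([190, 191], src, dst)}")
```

Only ACL 199, with source and destination in the same entry, restricts the policy route to the intended flow; the 190/191 pair also redirects traffic that matches just one of the two.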