I have a need to configure PBR on my network but I only want to use it for two ports, 80 and 443; the rest of the traffic should follow the normal routing rules. I have two networks, the voice 10.10.x.x network and the data 192.168.x.x network. I want all voice traffic to go across the WAN while all data traffic goes through a VPN connection. All of this is working fine except when a PC wants to access a web page that is on the 10.10.1.x network. It goes across the WAN from the remote branch because the routers know about the 10.10.1.x network, but when the server on the 10.10.1.x network responds back it is being sent over the VPN connection because the routers do not know how to get to the 192.168.7.x network, so it sends it to the firewall. I have configured PBR on the network now but I can only seem to get it to work when I specify the whole network range. I want to use PBR for port 80 and 443 only. Here is my working config and what I want to do.
encapsulation dot1Q 10
ip address 10.10.1.250 255.255.255.0
ip policy route-map ccm-web
access-list 162 permit ip host 10.10.1.10 192.168.2.0 0.0.0.255
access-list 162 permit ip host 10.10.1.11 192.168.2.0 0.0.0.255
access-list 163 permit ip host 10.10.1.10 192.168.3.0 0.0.0.255
access-list 163 permit ip host 10.10.1.11 192.168.3.0 0.0.0.255
access-list 164 permit ip host 10.10.1.10 192.168.4.0 0.0.0.255
access-list 164 permit ip host 10.10.1.11 192.168.4.0 0.0.0.255
access-list 165 permit ip host 10.10.1.10 192.168.5.0 0.0.0.255
access-list 165 permit ip host 10.10.1.11 192.168.5.0 0.0.0.255
access-list 167 permit ip host 10.10.1.10 192.168.7.0 0.0.0.255
access-list 167 permit ip host 10.10.1.11 192.168.7.0 0.0.0.255
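An added example (not the poster's configuration) of how the port restriction is normally written for this return-path case. It keeps the poster's route-map name (ccm-web), ACL number 167 and the 192.168.7.0/24 branch, and assumes the subinterface name (GigabitEthernet0/0.10), the route-map sequence number and the WAN next-hop address (203.0.113.1, a documentation-range placeholder). The point it illustrates: because the policy sits on the server-side VLAN, the web servers are the source of the packets being policy-routed, so the `eq 80` / `eq 443` qualifier belongs on the source side of each ACE; an ACE that puts the port on the destination side never matches the server's replies, and the only thing that matches is an ACE with no port at all, which is exactly the "whole network range" behaviour described above.

```cisco
! Added example, not the original poster's config.
! Assumed names/values: GigabitEthernet0/0.10, sequence 10, next hop 203.0.113.1.
!
! Return traffic from the web servers toward branch 7.  The servers are the
! SOURCE here, so the port qualifier follows the source host, not the
! destination network.  Only TCP 80/443 is matched; everything else from
! these hosts falls through to the normal routing table (and so stays on
! the VPN path the routing table already prefers).
access-list 167 permit tcp host 10.10.1.10 eq 80  192.168.7.0 0.0.0.255
access-list 167 permit tcp host 10.10.1.10 eq 443 192.168.7.0 0.0.0.255
access-list 167 permit tcp host 10.10.1.11 eq 80  192.168.7.0 0.0.0.255
access-list 167 permit tcp host 10.10.1.11 eq 443 192.168.7.0 0.0.0.255
!
! One route-map sequence per branch ACL; a packet that matches no sequence
! receives no policy action and is routed normally.
route-map ccm-web permit 10
 match ip address 167
 set ip next-hop 203.0.113.1
!
! The policy is applied inbound on the server VLAN, as in the original post.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.1.250 255.255.255.0
 ip policy route-map ccm-web
```

To confirm the narrower ACEs are actually being hit, browse from a 192.168.7.x PC to one of the servers and then check `show ip access-lists 167` for incrementing match counts on the port-specific lines and `show route-map ccm-web` for the policy-routing counters; if the counts stay at zero while the old `permit ip` lines worked, the port qualifier is on the wrong side of the ACE for the direction the policy is applied in.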