
Policy Based Routing with PPTP/GRE is this possible?

I have an 1841 with one adsl interface pointing to the internet to isp1. I have Fa0/1 pointing to isp2. I have one lan interface fa0/0 with ip address 10.1.1.254.

Presently I only have one Static nat for an inside address of 10.1.1.1 which nats to a public address & proxies for mail & PPTP (The 10.1.1.1 is an ISA SERVER). I want to configure PBR so that mail goes to PPTP goes through isp1 & all other traffic through isp2

I have used the following route-maps in an attempt to do this.

ip nat inside source static 10.1.1.1 194.72.X.X route-map outside_nat1 (new nat for VPN)
ip nat inside source static 10.1.1.1 217.36.X.X route-map outside_nat2 (new nat for all other traffic)

route-map outside_nat1 permit 10
 match ip address 101
 set default interface FastEthernet0/1
access-list 101 permit tcp host 10.1.1.1 eq 1723 any
access-list 101 permit gre host 10.1.1.1 any

route-map outside_nat2 permit 10
 match ip address 102
 set default interface Dialer0
access-list 102 deny tcp host 10.1.1.1 eq 1723 any
access-list 102 deny gre host 10.1.1.1 any

Interface FastEthernet0/0
 ip policy route-map vpn_only

route-map vpn_only permit 10
 match ip address 110
 set default interface FastEthernet0/1
access-list 110 permit tcp host 10.1.1.1 eq 1723 any
access-list 110 permit gre host 10.1.1.1 any

Using this configuration I can still collect mail from ISP1, but when I try to make the connection for the remote access PPTP vpn via isp2 I can see a nat translation for the address but no GRE connection info & the vpn won't work.

For example, before employing PBR I see the following translations when connected to the VPN:

#show ip nat translations
tcp 217.36.X.X:1723 10.1.1.1:1723 195.200.x.x:1485 195.200.x.x:1485
gre 217.36.x.x:7576 10.1.1.1:7576 195.200.x.x:7576 195.200.X.x:7576
gre 217.36.X.X:32768 10.1.1.1:32768 195.200.X.X:32768 195.200.X.X:32768

This includes 1723 for pptp & an entry for gre, however when I use the PBR I only see TCP connection including 1723 for the PPTP, but NO GRE translation. How do I get this to work?

1 REPLY

Re: Policy Based Routing with PPTP/GRE is this possible?

It's because of the bug CSCeh96245.

The workaround is to ensure that GRE traffic does not match PBR rule.
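
One way to check a configuration against the workaround in the reply, as an added example (not part of the thread and not Cisco code): it reads numbered extended ACLs, route-maps and `ip policy` statements and lists the ACL entries through which GRE would match a PBR route-map applied to an interface. The function name, the re-typed sample and the exact-string comparison of address specs are assumptions of this sketch.

```python
import re

# Sample input: the PBR-related lines from the question, re-typed as one config.
SAMPLE = """\
interface FastEthernet0/0
 ip policy route-map vpn_only
route-map vpn_only permit 10
 match ip address 110
 set default interface FastEthernet0/1
access-list 110 permit tcp host 10.1.1.1 eq 1723 any
access-list 110 permit gre host 10.1.1.1 any
"""
GRE = {"gre", "47", "ip"}  # ACL protocol keywords that cover GRE (IP protocol 47)

def gre_pbr_matches(config):
    """Return (interface, route-map, ACL line) for each entry that policy-routes GRE."""
    policies, rm_acls, acls = [], {}, {}
    iface = rmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line, re.I):
            iface, rmap = m.group(1), None
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            # Only permit sequences policy-route the packets they match.
            iface, rmap = None, (m.group(1) if m.group(2) == "permit" else None)
        elif (m := re.match(r"ip policy route-map (\S+)", line)) and iface:
            policies.append((iface, m.group(1)))
        elif (m := re.match(r"match ip address (.+)", line)) and rmap:
            rm_acls.setdefault(rmap, []).extend(m.group(1).split())
        elif m := re.match(r"access-list (\d+) (permit|deny) (\S+) (.+)", line):
            num, action, proto, addrs = m.groups()
            acls.setdefault(num, []).append((action, proto.lower(), addrs, line))
    findings = []
    for iface, rmap in policies:
        for num in rm_acls.get(rmap, []):
            denied = set()  # address specs already denied for GRE earlier in this ACL
            for action, proto, addrs, line in acls.get(num, []):
                if proto not in GRE:
                    continue
                if action == "deny":
                    denied.add(addrs)
                elif addrs not in denied and "any any" not in denied:
                    findings.append((iface, rmap, line))
    return findings

if __name__ == "__main__":
    for iface, rmap, line in gre_pbr_matches(SAMPLE):
        print(f"{iface}: route-map {rmap} policy-routes GRE via '{line}'")
```

Route-maps referenced only from `ip nat ... route-map` statements are not reported, since only those applied with `ip policy route-map` perform policy routing.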
