
New Member

Policy routing-should be simple?

I have a 2821 running 12.4T. I am trying to use OER to utilize the directly connected 2xT1 and an Ethernet-connected cable modem/router. OER works wonderfully (except it doesn't seem to restart if an interface goes down), but there is one little wrinkle: the mail server behind the firewall.

There is an ASA that sits between our internal net and the 2821. It is translating. We have a static translation for the mail server/OWA server. I need traffic that comes from that box to go out the 2xT1 on the 2821, because if it goes out the cable modem it gets translated again and obviously gets discarded by the requester (say, an OWA user).

So, a simple route map right?

access-list 5 permit host serverIP
!
route-map mail1 permit 20
 match ip address 5
 set ip next-hop IPofNexthop
 ! (OR set ip default next-hop, tried it both ways)
!
! interface packets arrive on
int gig0/0
 ip policy route-map mail1

IP Policy debug shows:

FIB policy rejected(no match) - normal forwarding

Surely I'm missing something rudimentary?


Re: Policy routing-should be simple?

Just a basic check: in access list 5, the IP is the public IP of the server, right?

New Member

Re: Policy routing-should be simple?

Yes it is. I've tried with an extended ACL as well.

New Member

Re: Policy routing-should be simple?

Have you tried a "show access-list 5" to see if you are actually getting matches on that list? If you are you can try doing a "set interface" instead of a "set ip next-hop" in your route map. That's the way I do mine.

New Member

Re: Policy routing-should be simple?

I've checked that ACL (I'm logging on it) and seen *some* hits, but not nearly as many as there should be. It almost looks like it's matching traffic when that server initiates a connection out but not when it's replying to a connection started from the outside.

I'm going to try an OER map next.