Solved: Re: route-map for two routes

CSCO11638397 · ‎07-04-2012

The LAN is connecting to Router A, A and Router B are connected to directly, Router C is connected through a Switch.

IP route is in placed on Router A pointing to Router B for all the internet traffic.

IP ROUTE 0.0.0.0 0.0.0.0 ISP 1

We need to forward all the SMPT traffic to Router C, I create router map to filter the access list capture SMPT and assign them to next hop as Router C, still it’s not working.

The route-map config as

Access-list 120 permit tcp 192.168.0.0 0.0.0.255 any eq smtp

route-map EMAIL permit 10

match ip address 120

set ip next hop 192.168.0.1

interface gi0/1

ip policy route-map EMAIL

any suggestion or any other method to accomplish this?

cadet alain · ‎07-04-2012

Hi,

in your topology the 192.168.0.0/24 network is the network between router A and router C but SMTP traffic is sourced from another interface on router A not from router A itself.So you have to enable PBR on this interface and modify ACL to give correct subnet.

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎07-05-2012

Hi,

in your case PBR won't be of no use, the only way to do this using PBR would be using the switch as a L3 and default gateway for LAN hosts and then use PBR on the switch applying the route-map on the VLAN interface of the LAN hosts with a next-hop of router C but you would have to use other subnets to the routers.

Maybe more expert people here will find another solution keeping your current topology but I don't see one.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

phoenix3195 · ‎07-06-2012

Hi,

I think you are assigning the policy route on the wrong interface. Try assigning it on the incoming direction. One more thing, with the route-map, you need to add the following:

route-map EMAILpermit 20.

And leave it empty, it usually won't work without an empty route-map line to match the rest of the traffic.

Thanks

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎07-04-2012

Hi,

in your topology the 192.168.0.0/24 network is the network between router A and router C but SMTP traffic is sourced from another interface on router A not from router A itself.So you have to enable PBR on this interface and modify ACL to give correct subnet.

Regards.

Alain.

Don't forget to rate helpful posts.

CSCO11638397 · ‎07-05-2012

Thanks for the replay

The LAN is on the same subnet (192.168.0.0/24) and which is connected to Switch, sorry its not direclty connected to Router A, but All the hosts are configure Router A as default gateway. still I wanted to make sure which is correct method to point Router C either local interface or ISP interface as next-hop to solve this issue? Thanks

Alessio Andreoli · ‎07-05-2012

Did you try to use a different set of static routes? A more longest match routing implementation could help.

Remaining on the route-map i would use an extended ACL matching the protocol you need for(SMTP), and then setting only for that acl the next hop to router C or whatever you want.

Hope it helps

Alessio

cadet alain · ‎07-05-2012

Hi,

in your case PBR won't be of no use, the only way to do this using PBR would be using the switch as a L3 and default gateway for LAN hosts and then use PBR on the switch applying the route-map on the VLAN interface of the LAN hosts with a next-hop of router C but you would have to use other subnets to the routers.

Maybe more expert people here will find another solution keeping your current topology but I don't see one.

Regards.

Alain

Don't forget to rate helpful posts.

phoenix3195 · ‎07-06-2012

Hi,

I think you are assigning the policy route on the wrong interface. Try assigning it on the incoming direction. One more thing, with the route-map, you need to add the following:

route-map EMAILpermit 20.

And leave it empty, it usually won't work without an empty route-map line to match the rest of the traffic.

Thanks

Don't forget to rate helpful posts.

CSCO11638397 · ‎07-08-2012

Hi Alain/Omran,

It's working. Thanks