vpdn & policy routing

david.sua · ‎11-30-2006

Hi all,

I have a scenario with two wan connections.

I want one for dialin vpdn (gre) and the other one for internet (the rest).

I try to do a route map for routing gre traffic across Dialer1 interface but this not works.

here is my config,

ip local policy route-map routinglocal

!

ip route 0.0.0.0 0.0.0.0 FastEthernet0 x.x.x.x

!

route-map routinglocal permit 8

match ip address 120

set interface Dialer1

!

access-list 120 permit gre any any

access-list 120 permit tcp any eq 1723 any

access-list 120 permit tcp any any eq 1723

!

if i set a route for dialer 1 vpdn works fine but i have teleworkers with dynamic ip then i can't set route for each host.

Somebody can help me?

thanks in advance

jackyoung · ‎11-30-2006

Did you try to use "ip policy route-map" command instead of "ip local policy route-map" ?

Where the "ip local policy route-map" command is for the packet which is originating from the router locally. And you can also check the ACL counter to ensure the packet is matched w/ the ACL, otherwise, it doesn't work. You also need to ensure the destination interface is correct. If you checked above but still not work, please post the full config for reference.

Check below :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca572.html

Hope this helps.

david.sua · ‎12-01-2006

Yes, i tried to use "ip policy route-map" on Dialer1 but it doesn't work.

full config is attached.

Regards

jackyoung · ‎12-02-2006

I found you apply the policy route-map at the dialer interface but one of the condition of the poicy is to set the next-hop to dialer 1. There is a conflict that the policy route-map should be applied to the incoming interface, e.g. local LAN interface, if the packet incoming from the local LAN interface then based on the policy to forward to the preferred next-hop ip or interface.

Could you tell which interface is the local interface ? Please advise the traffic flow, which is the incoming and which is the outgoing and under what condition to which interface ?

Hope this helps.

david.sua · ‎12-05-2006

I was testing different places to apply policy and then i forgot unset route-map from dialer 1.

The packet incoming from dialer 1 (internet) and outgoing by dialer 1.

All gre and TCP 1723 packets should apply the route-map.

jackyoung · ‎12-05-2006

Do you mean the incoming and outgoing interface for the policied traffic is the same ? If yes, I believe it won't work and I did not test this way before.

Could you elaborte more on the details of the flow direction ? Thx.

david.sua · ‎12-07-2006

yes, incoming and outgoing interface for the policied traffic is the same.

I have two wan interfaces, Dialer1 and FastEthernet0. FastEthernet0 is for incoming and outgoing general traffic. And dialer1 is for incoming and outgoing gre traffic.

If i dont do with route-map, how can i set Dialer1 for incoming and outgoing gre traffic? Default route is Fastethernet0