Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   PBR problem (http://www.velocityreviews.com/forums/t946061-pbr-problem.html)

paolo.caforio@gmail.com 05-08-2012 02:29 PM

PBR problem
 

Dear All,



i have a problem on configuring a PBR to let a server use as next hop a remote site connected by a GRE tunnel.



The layout is:



LAN ---- (vlan1) Router1 (Tunnel624) ---------GRE---------(Tunnel624) Router2 ---- Internet



The objective is to PAT a server (172.18.2.100) located in my LAN on Router2 using his data line.





Router 1 config is:



interface Tunnel624

ip address 172.26.252.25 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination "public R2 IP address"



interface Vlan1

ip address 172.18.2.254 255.255.255.0

ip nat inside

ip virtual-reassembly

ip policy route-map PBR





ip access-list extended PBR

permit ip host 172.18.2.100 any log





route-map PBR permit 10

match ip address PBR

set ip next-hop 172.26.252.26

!



On Router2 the configuration is the following:



interface Tunnel624

ip address 172.26.252.26 255.255.255.252

ip nat inside

tunnel source Loopback0

tunnel destination "public R1 IP address"

!



!

interface FastEthernet0/0

ip address "public R2 IP address"

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!



ip route 172.18.2.0 255.255.255.0 172.26.252.25



ip nat inside source static tcp 172.18.2.100 80 "public R2 IP address" 80 extendable





R2 and the server LAN can communicate perfectly.

The problem is that no requests are received by the server if they comes from the "public R2 IP address".



On R1 a "debug ip packets" gives the following "access denied" even if no access lists on the involved interfaces are configured.





*May 7 12:03:35.683: IP: tableid=0, s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), routed via FIB

*May 7 12:03:35.687: IP: s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), len 48, access denied

*May 7 12:03:35.687: TCP src=50359, dst=80, seq=1253016140, ack=0, win=8192 SYN



Have you any idea?



thanks,



Paolo


All times are GMT. The time now is 12:30 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.