«

When my router A routes locally generated icmp packets (local PBR) it always
puts ip address of it's interface fa1 as the source address for those PBR
routed packets. Traffic is policy routed trough tunnel interface 0 using
next hop of router's B tunnel interface 0. This is what I want to accomplish
and it works, but I noticed that router A always generates packets with
source IP address of its fa1 interface. Now, I'm curious why is that so...

Router A:
int fa1
ip add 10.0.0.2
!
int vlan 2
description GRE tunnel source
ip add 10.0.0.10
crypto-map vpn
!
int tunnel 0
description GRE with router B
ip add 172.168.1.1
tunnel-source vlan 2
tunnel-destination 10.0.0.14
!
ip route 0.0.0.0 0.0.0.0 fa1
ip local policy route-map tracker
!
route-map tracker permit
match ip add 171
set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
!
access-list 171 permit icmp any host 195.29.150.3 echo

Router B config is irrelevant because debug ip policy on router A shows that
there is always fa1 ip address used as the source for locally generated
traffic. Now if I want to be able to ping 195.29.150.3 from router A I need
to put static route to router's A fa1 interface address on router B which is
something that I would like to avoid.

Regards,
Igor

The router will use as the source ip address, the interface that the router
will use to send the packet. I don't know how PBR affects this. This is
true for any packets or TCP connections initiated by the router. For some
connections, you can specify the source IP (TACACs, SNMP, NTP, etc), for
others you can't (TFTP, telnet)

You can specify the source IP used by pings. Enter "ping" without any
arguments and answer the prompts. When it asks "Extended commads [n]" enter
"y". The next prompt will be for the source address. You can specify an
interface name or an interface ip address.


"Igor Mamuzic" <> wrote in message
news:ghlg1h$13f$...
> When my router A routes locally generated icmp packets (local PBR) it
> always puts ip address of it's interface fa1 as the source address for
> those PBR routed packets. Traffic is policy routed trough tunnel interface
> 0 using next hop of router's B tunnel interface 0. This is what I want to
> accomplish and it works, but I noticed that router A always generates
> packets with source IP address of its fa1 interface. Now, I'm curious why
> is that so...
>
> Router A:
> int fa1
> ip add 10.0.0.2
> !
> int vlan 2
> description GRE tunnel source
> ip add 10.0.0.10
> crypto-map vpn
> !
> int tunnel 0
> description GRE with router B
> ip add 172.168.1.1
> tunnel-source vlan 2
> tunnel-destination 10.0.0.14
> !
> ip route 0.0.0.0 0.0.0.0 fa1
> ip local policy route-map tracker
> !
> route-map tracker permit
> match ip add 171
> set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
> !
> access-list 171 permit icmp any host 195.29.150.3 echo
>
> Router B config is irrelevant because debug ip policy on router A shows
> that there is always fa1 ip address used as the source for locally
> generated traffic. Now if I want to be able to ping 195.29.150.3 from
> router A I need to put static route to router's A fa1 interface address on
> router B which is something that I would like to avoid.
>
> Regards,
> Igor
>

ok I discovered that it always uses IP address of the interface with default
route as source IP address for locally generated packets Until now I
thought that router will always use IP address of egress interface as a
source ip until configured to not do so. Is there any logical explanation
about this?

Igor

In article <ghr9eu$p9g$>, (Igor Mamuzic aka Pseto) writes:

| ok I discovered that it always uses IP address of the interface with default
| route as source IP address for locally generated packets Until now I
| thought that router will always use IP address of egress interface as a
| source ip until configured to not do so. Is there any logical explanation
| about this?

I believe the router typically uses as a source address the primary address
of the interface that would hypothetically be the egress interface under
normal routing rules. It does not "pre run" any other code (e.g., route
maps) that could result in a different egress interface. Even in some
simple cases you can get undesirable effects. For example, if the interface
is chosen because of the route installed for a secondary address the router
still uses the primary address as source. In many cases where it matters
at all this is not the address you want...

Dan Lanciani
ddl@danlan.*com