PBR problem

Discussion in 'Cisco' started by paolo.caforio@gmail.com, May 8, 2012.

  1. Guest

    Dear All,

    I have a problem configuring a PBR to let a server use as next hop a remote site connected by a GRE tunnel.

    The layout is:

    LAN ---- (vlan1) Router1 (Tunnel624) ---------GRE---------(Tunnel624) Router2 ---- Internet

    The objective is to PAT a server (172.18.2.100) located in my LAN on Router2 using its data line.

    Router 1 config is:

    interface Tunnel624
     ip address 172.26.252.25 255.255.255.252
     tunnel source FastEthernet0/0
     tunnel destination "public R2 IP address"

    interface Vlan1
     ip address 172.18.2.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip policy route-map PBR

    ip access-list extended PBR
     permit ip host 172.18.2.100 any log

    route-map PBR permit 10
     match ip address PBR
     set ip next-hop 172.26.252.26
    !

    On Router2 the configuration is the following:

    interface Tunnel624
     ip address 172.26.252.26 255.255.255.252
     ip nat inside
     tunnel source Loopback0
     tunnel destination "public R1 IP address"
    !
    interface FastEthernet0/0
     ip address "public R2 IP address"
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     no cdp enable
    !
    ip route 172.18.2.0 255.255.255.0 172.26.252.25

    ip nat inside source static tcp 172.18.2.100 80 "public R2 IP address" 80 extendable

    R2 and the server LAN can communicate perfectly.

    The problem is that no requests are received by the server if they come from the "public R2 IP address".

    On R1 a "debug ip packets" gives the following "access denied" even if no access lists on the involved interfaces are configured.

    *May 7 12:03:35.683: IP: tableid=0, s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), routed via FIB
    *May 7 12:03:35.687: IP: s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), len 48, access denied
    *May 7 12:03:35.687: TCP src=50359, dst=80, seq=1253016140, ack=0, win=8192 SYN

    Have you any idea?

    Thanks,

    Paolo
     