route map for router generated traffic doesn't fully work

Discussion in 'Cisco' started by Centaury, Oct 18, 2005.

  1. Centaury

    Centaury Guest

    Hi,
    I'm trying to achieve the following:
    - 10.2.2.2 polls the router via snmp
    - The router does not have a route to 10.2.2.2 in the routing table
    - Use policy routing so that router generated traffic can be routed to
    10.2.2.2 via 10.1.1.2

    I have defined a route map as follows, but strangely it seems that when I
    send an SNMP query from 10.2.2.2 to the router, the SNMP response from the
    router cannot get back to 10.2.2.2. When I telnet or ssh from 10.2.2.2 to the
    router, the route map is used and the router-generated traffic
    (telnet, ssh) gets back with no problems. If I remove the route map and put
    a static route to 10.2.2.2 in the routing table, everything including the
    SNMP response gets back to 10.2.2.2. Doesn't the statement "match ip address
    mylist" already match the SNMP response from the router?
    What am I missing here?

    BTW, one thing I've found confusing is that I had to explicitly permit traffic to
    the router with "access-list 100 permit ip host 10.2.2.2 any", or else ssh would
    not work. Isn't traffic TO the router not affected by ACLs??

    TIA.


    interface lo0
    ip address 1.1.1.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    !
    interface fa0/0
    ip address 10.1.1.1 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    speed auto
    no cdp enable
    !
    ip local policy route-map mymap

    access-list 100 permit ip host 10.2.2.2 any
    access-list 100 deny ip any any

    route-map mymap permit 10
    match ip address mylist
    set ip next-hop 10.1.1.2
    !
    ip access-list extended mylist
    permit ip any host 10.2.2.2
    !

    <all other config, including snmp-server config omitted>
     
    Centaury, Oct 18, 2005
    #1
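
Added example, not part of the original post and not Cisco code: a minimal evaluator for the subset of IOS ACL syntax used in the config above (first match wins, implicit deny at the end), run against constructed packets. It shows that ACL 100, applied inbound on fa0/0, is also evaluated for packets addressed to the router itself, and that "mylist" matches any locally generated packet to 10.2.2.2 regardless of protocol. The function names and the host 10.3.3.3 are assumptions made for the example.

```python
import ipaddress

# ACL lines copied from the post; ports are irrelevant because both lists match "ip".
ACL_100 = [
    "access-list 100 permit ip host 10.2.2.2 any",
    "access-list 100 deny ip any any",
]
MYLIST = ["permit ip any host 10.2.2.2"]  # body of "ip access-list extended mylist"


def parse_ace(line):
    """Parse '<permit|deny> ip <src> <dst>'; each address is 'any' or 'host A.B.C.D'."""
    tok = line.split()
    if tok[0] == "access-list":  # numbered form: drop 'access-list <number>'
        tok = tok[2:]
    action, proto, rest = tok[0], tok[1], tok[2:]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    specs = []
    while rest:
        if rest[0] == "any":
            specs.append(None)  # None stands for "any address"
            rest = rest[1:]
        elif rest[0] == "host" and len(rest) >= 2:
            specs.append(ipaddress.ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address spec in: {line!r}")
    if len(specs) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return action, specs[0], specs[1]


def evaluate(acl_lines, src, dst):
    """Return 'permit' or 'deny': first matching entry wins, implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if s in (None, src) and d in (None, dst):
            return action
    return "deny"


if __name__ == "__main__":
    # Constructed packets (source, destination); 10.3.3.3 is a made-up host.
    print(evaluate(ACL_100, "10.2.2.2", "10.1.1.1"))  # request arriving on fa0/0
    print(evaluate(ACL_100, "10.3.3.3", "10.1.1.1"))  # other host to the router
    print(evaluate(MYLIST, "10.1.1.1", "10.2.2.2"))   # router's reply, any protocol
```

Since the match on "mylist" does not depend on protocol or port, the ACL entry itself treats an SNMP reply and a telnet or ssh reply to 10.2.2.2 identically.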