[Re: [nsp] policy-routing GRE tunnel packets]
Joshua Sahala
joshua.ej.smith at usa.net
Wed Aug 20 21:15:24 EDT 2003
i use pbr on some of my tunnels
int tun3
ip policy route-map my_map
route-map my_map permit 10
match ip address 101
set int tun2
access-list 101 permit ip 10.0.0.0 0.0.0.255 172.16.16.0 0.0.0.255
lather, rinse, repeat for each source/destination pair
perhaps i am not understanding just what you want, but this is
what works for me.
hth
/joshua
Alexander Bochmann <bochmann at FreiNet.de> wrote:
> ..on Tue, Aug 19, 2003 at 05:47:00PM +0200, Alexander Bochmann wrote:
>
> > Theoretically, Tunnel1 packets should be subject to
> > the local policy route-map and be sent out via fa0/1 -
> > but, in policy routing debugging, nothing is showing
> > up right now
>
> I've come to the conclusion that policy-routing the
> GRE encapsulated Tunnel packets is not possible.
> Obviously, the GRE encapsulation happens at some place
> in the system where policy-routing doesn't have any
> impact.
> Other locally generated packets are policy-routed fine,
> that that it should work in principle - but not the
> GRE packets, although they have a source address that
> should be subject to policy-routing when leaving the
> system.
>
> So, there's probably no other way than host-routing
> the Tunnel destionations via the appropriate gateway,
> as some people suggested...
>
> Alex.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -
More information about the cisco-nsp
mailing list