[nsp] policy-routing GRE tunnel packets

Steve Francis steve at expertcity.com
Tue Aug 19 11:00:36 EDT 2003 

I dont think that tunnel packets fall under the definition of "packets 
generated by the router", which is what the ip local policy command 
controls.

Have you tried applying

ip policy route-map local-policy

to the tunnel interfaces? I would think that would work.


Alexander Bochmann wrote:

>Hi,
>
>thanks for all the answers so far...
>
>...on Tue, Aug 19, 2003 at 10:14:27AM -0400, Streiner, Justin wrote:
>
> > > I had assumed that the Tunnel packets would be
> > > subject to local policy routing, but that doesn't
> > > seem to work - according to packet debugging, the
> > You may be able to use VRF instances to make this work.  It should also
> > work fine with 12.3(1a) since that's an outgrowth of 12.2T.  That train
>
>Hum. Perhaps I should try to outline what I'm trying to 
>do - possibly there's just some stupid mistake...
>
>Following is a rough makeup of the original config:
>
>!
>interface FastEthernet0/0
> ip address 192.168.0.1 255.255.255.0
>!
>interface FastEthernet0/1
> ip address 192.168.10.1 255.255.255.0
>!
>interface Tunnel0
> ip address 10.0.0.1 255.255.255.252
> tunnel source FastEthernet0/0
> tunnel destination 172.16.0.1
>!
>interface Tunnel1
> ip address 10.0.10.1 255.255.255.252
> tunnel source FastEthernet0/1
> tunnel destination 172.16.10.1
>!
>ip local policy route-map local-policy
>ip route 0.0.0.0 0.0.0.0 192.168.0.254
>!
>access-list 110 permit ip 192.168.10.1 0.0.0.0 any
>!
>route-map local-policy permit 10
> match ip address 110
> set ip next-hop 192.168.10.254
>!
>
>Theoretically, Tunnel1 packets should be subject to 
>the local policy route-map and be sent out via fa0/1 -
>but, in policy routing debugging, nothing is showing 
>up right now, and packet debugging says that the packets 
>are being sent out via fa0/0, following the default 
>route.
>
>Does local policy-routing depend on some other global 
>configuration command that is not implicitly enabled 
>by IOS?
>
> > Make sure you use the "ip tcp adjust-mss" global command and the "tunnel
> > keepalive <X> <Y>" interface command. 
>
>Oh, I didn't know about the tunnel keepalives and was 
>planning to use some routing protocol...
>
>Alex.
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>

More information about the cisco-nsp mailing list