[nsp] policy-routing GRE tunnel packets

John Jackson jjackson at onenet.net
Tue Aug 19 14:46:51 EDT 2003


I've tried that in my case and it didn't make a difference.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Steve Francis
> Sent: Tuesday, August 19, 2003 12:01 PM
> To: Alexander Bochmann
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] policy-routing GRE tunnel packets
> 
> I dont think that tunnel packets fall under the definition of "packets
> generated by the router", which is what the ip local policy command
> controls.
> 
> Have you tried applying
> 
> ip policy route-map local-policy
> 
> to the tunnel interfaces? I would think that would work.
> 
> 
> Alexander Bochmann wrote:
> 
> >Hi,
> >
> >thanks for all the answers so far...
> >
> >...on Tue, Aug 19, 2003 at 10:14:27AM -0400, Streiner, Justin wrote:
> >
> > > > I had assumed that the Tunnel packets would be
> > > > subject to local policy routing, but that doesn't
> > > > seem to work - according to packet debugging, the
> > > You may be able to use VRF instances to make this work.  It should
> also
> > > work fine with 12.3(1a) since that's an outgrowth of 12.2T.  That
> train
> >
> >Hum. Perhaps I should try to outline what I'm trying to
> >do - possibly there's just some stupid mistake...
> >
> >Following is a rough makeup of the original config:
> >
> >!
> >interface FastEthernet0/0
> > ip address 192.168.0.1 255.255.255.0
> >!
> >interface FastEthernet0/1
> > ip address 192.168.10.1 255.255.255.0
> >!
> >interface Tunnel0
> > ip address 10.0.0.1 255.255.255.252
> > tunnel source FastEthernet0/0
> > tunnel destination 172.16.0.1
> >!
> >interface Tunnel1
> > ip address 10.0.10.1 255.255.255.252
> > tunnel source FastEthernet0/1
> > tunnel destination 172.16.10.1
> >!
> >ip local policy route-map local-policy
> >ip route 0.0.0.0 0.0.0.0 192.168.0.254
> >!
> >access-list 110 permit ip 192.168.10.1 0.0.0.0 any
> >!
> >route-map local-policy permit 10
> > match ip address 110
> > set ip next-hop 192.168.10.254
> >!
> >
> >Theoretically, Tunnel1 packets should be subject to
> >the local policy route-map and be sent out via fa0/1 -
> >but, in policy routing debugging, nothing is showing
> >up right now, and packet debugging says that the packets
> >are being sent out via fa0/0, following the default
> >route.
> >
> >Does local policy-routing depend on some other global
> >configuration command that is not implicitly enabled
> >by IOS?
> >
> > > Make sure you use the "ip tcp adjust-mss" global command and the
> "tunnel
> > > keepalive <X> <Y>" interface command.
> >
> >Oh, I didn't know about the tunnel keepalives and was
> >planning to use some routing protocol...
> >
> >Alex.
> >
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list