[nsp] policy-routing GRE tunnel packets

Michael Axelrod axelrod1 at comcast.net
Tue Aug 19 12:02:39 EDT 2003


Hi,
why not use static routes to tunnel destinations to the desired gateways?
Mike

----- Original Message -----
From: "Alexander Bochmann" <bochmann at FreiNet.de>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, August 19, 2003 8:47 AM
Subject: Re: [nsp] policy-routing GRE tunnel packets


> Hi,
>
> thanks for all the answers so far...
>
> ...on Tue, Aug 19, 2003 at 10:14:27AM -0400, Streiner, Justin wrote:
>
>  > > I had assumed that the Tunnel packets would be
>  > > subject to local policy routing, but that doesn't
>  > > seem to work - according to packet debugging, the
>  > You may be able to use VRF instances to make this work.  It should also
>  > work fine with 12.3(1a) since that's an outgrowth of 12.2T.  That train
>
> Hum. Perhaps I should try to outline what I'm trying to
> do - possibly there's just some stupid mistake...
>
> Following is a rough makeup of the original config:
>
> !
> interface FastEthernet0/0
>  ip address 192.168.0.1 255.255.255.0
> !
> interface FastEthernet0/1
>  ip address 192.168.10.1 255.255.255.0
> !
> interface Tunnel0
>  ip address 10.0.0.1 255.255.255.252
>  tunnel source FastEthernet0/0
>  tunnel destination 172.16.0.1
> !
> interface Tunnel1
>  ip address 10.0.10.1 255.255.255.252
>  tunnel source FastEthernet0/1
>  tunnel destination 172.16.10.1
> !
> ip local policy route-map local-policy
> ip route 0.0.0.0 0.0.0.0 192.168.0.254
> !
> access-list 110 permit ip 192.168.10.1 0.0.0.0 any
> !
> route-map local-policy permit 10
>  match ip address 110
>  set ip next-hop 192.168.10.254
> !
>
> Theoretically, Tunnel1 packets should be subject to
> the local policy route-map and be sent out via fa0/1 -
> but, in policy routing debugging, nothing is showing
> up right now, and packet debugging says that the packets
> are being sent out via fa0/0, following the default
> route.
>
> Does local policy-routing depend on some other global
> configuration command that is not implicitly enabled
> by IOS?
>
>  > Make sure you use the "ip tcp adjust-mss" global command and the
"tunnel
>  > keepalive <X> <Y>" interface command.
>
> Oh, I didn't know about the tunnel keepalives and was
> planning to use some routing protocol...
>
> Alex.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list