[c-nsp] VPN Tunnel and PBR
Ahmad Cheikh Moussa
acm at netuse.de
Mon Apr 2 08:32:00 EDT 2007
Hi!
Ahmad Cheikh Moussa wrote:
> Hi!
>>
>> Mar 29 18:53:31.284 MEST: IP: s=10.1.15.66 (Vlan963), d=1.2.3.10, len 76, FIB policy match
>> Mar 29 18:53:31.284 MEST: IP: s=10.1.15.66 (Vlan963), d=1.2.3.10, g=10.5.1.1, len 76, FIB policy routed
>>
>> Before the change I only got errors that the routing policy does not work.
>
> The policy matchs now, but the packet are still sent outside the tunnel,
> although the next-hop has to be reached via tunnel interface.
> If I make an extended ping from the router to the next-hop, then I can
> see the packet goes through the tunnel.
>
Now it works. I've changed the encryption domain (traffic which have to
go through the ipsec tunnel) so that everything goes to the tunnel
exempt one network and with that it works.
But I'am still curios about the config with virtual-access interface.
Is there any cisco guy, who can sends an example config ?
The problem I had was that when the tunnel is established the
router is not reachable via the external IP. In this case the ip
of dialer 1 (DSL dialin).
Regards,
Ahmad
--
Ahmad Cheikh-Moussa
ISP-Technik
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499
Service: Service at NetUSE.DE -- http://NetUSE.DE/
Vorstand: Andreas Seeger (Vorsitz), Dr. Roland Kaltefleiter, Dr. Jörg Posewang
Aufsichtsrat: Detlev Hübner (Vorsitz)
Sitz der AG: Kiel, HRB 5358 USt.ID: DE156073942
Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.
The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.
More information about the cisco-nsp
mailing list