Route MAPS

I have the following set up.

R1 is linked to R1 with a point to point link 172.16.0.1 and 172.16.0.2
R2 has two loop backs set up 192.168.1.10/24 and 192.168.2.10/24
R1 has two static routes set up pointing to the 192.168.1.0 and 192.168.2.0

I can ping the 172.16.0.1 address or router R1 from all the other IP address, and between the 192.168.. sub nets.

So what I want to do is set up routing policies so that the two 192.168.0.. subnets are not able to take direct to each other and packets instead get forwarded to R1 to be dealt with. (ignore for the moment why, just accept this is test traffic in in the real world the traffic between the two vlans must pass though a fire wall that is remote to there location).

So i set up a route map

ip access-list standard force 
permit 192.168.0.0 0.0.255.255 log
!
!
route-map MAP permit 10
 match ip route-source force
 set ip next-hop 172.16.0.1

and applied this to both loop back interfaces

I assumed this would mean that any incoming packets with the source address 192.168.x.x would be directed to R1. however when pinging 192.168.1.10 from source 192.168.1.20 the ping runs fine, but with a packet sniffer on the link between R1 and R2 I see no data.

Have I got the config completely wrong or is there some thing else I am missing?

Cheers

Find more posts tagged with

Comments

Zartanasaurus

You're trying to match on the source address, so use match ip address force.
match ip route-source is used to match the IP of a router advertising a route to you.

Nate--IRL--

You also have to apply the routemap to an interface using "ip policy MAP"

Nate

DevilWAH

Nate--IRL-- wrote: »

You also have to apply the routemap to an interface using "ip policy MAP"

Nate

AS in my first post where i put "and applied this to both loop back interfaces"

Nate--IRL--

Oops, my apologies

. Missed that completely.

Nate

DevilWAH

Zartanasaurus wrote: »

You're trying to match on the source address, so use match ip address force.
match ip route-source is used to match the IP of a router advertising a route to you.

I had actuly tried that already, however after it failed I was playing with the "match ip route-source".

What I found was it does not work well with loopback interfaces. or interfaces local to R2, adding two clients connected to two physical ports on R2 set up with 192.168.1.1 and 192.168.2.1 as the default gate way for the clients I can see the traffic going to R1.

However it seems that IOS does not allow hair pinning of packets, (or at least I have forgot how to do it

).

Wondering if there is a better way to do this like using tagged trunks between routers, but dont really want to have to set that up on all the intermediate routers. Oh I suppose I could use a gre tunnel... now that might make it simple