Route MAPS

DevilWAH
I have the following set up.
  1. R1 is linked to R1 with a point-to-point link, 172.16.0.1 and 172.16.0.2
  2. R2 has two loopbacks set up, 192.168.1.10/24 and 192.168.2.10/24
  3. R1 has two static routes set up pointing to the 192.168.1.0 and 192.168.2.0
I can ping the 172.16.0.1 address of router R1 from all the other IP addresses, and between the 192.168.. subnets.

So what I want to do is set up routing policies so that the two 192.168.0.. subnets are not able to talk directly to each other and packets instead get forwarded to R1 to be dealt with. (Ignore for the moment why, just accept this is test traffic; in the real world the traffic between the two VLANs must pass through a firewall that is remote to their location.)

So I set up a route map:
ip access-list standard force 
permit 192.168.0.0 0.0.255.255 log
!
!
route-map MAP permit 10
 match ip route-source force
 set ip next-hop 172.16.0.1



and applied this to both loopback interfaces.

I assumed this would mean that any incoming packets with the source address 192.168.x.x would be directed to R1. However, when pinging 192.168.1.10 from source 192.168.1.20 the ping runs fine, but with a packet sniffer on the link between R1 and R2 I see no data.

Have I got the config completely wrong or is there something else I am missing?

Cheers
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.

Comments

  • Zartanasaurus
    You're trying to match on the source address, so use match ip address force.
    match ip route-source is used to match the IP of a router advertising a route to you.
  • Nate--IRL--
    You also have to apply the routemap to an interface using "ip policy MAP"

    Nate
  • DevilWAH
    Quoting Nate--IRL--:
        You also have to apply the routemap to an interface using "ip policy MAP"

    As in my first post where I put "and applied this to both loopback interfaces" ;)
  • Nate--IRL--
    Oops, my apologies. Missed that completely.

    Nate
  • DevilWAH
    Quoting Zartanasaurus:
        You're trying to match on the source address, so use match ip address force.
        match ip route-source is used to match the IP of a router advertising a route to you.

    I had actually tried that already; however, after it failed I was playing with the "match ip route-source".

    What I found was it does not work well with loopback interfaces, or interfaces local to R2. Adding two clients connected to two physical ports on R2, set up with 192.168.1.1 and 192.168.2.1 as the default gateway for the clients, I can see the traffic going to R1.

    However, it seems that IOS does not allow hairpinning of packets (or at least I have forgotten how to do it ;) ).

    Wondering if there is a better way to do this, like using tagged trunks between routers, but I don't really want to have to set that up on all the intermediate routers. Oh, I suppose I could use a GRE tunnel... now that might make it simple :)
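The configuration the replies converge on, written out as an added example (not posted by anyone in the thread). It assumes the two-client setup from the last post, with hypothetical interface names FastEthernet0/0 and FastEthernet0/1 on R2, and it swaps the thread's standard ACL for an extended one so that only traffic between the two subnets is sent to R1.

```cisco
! Added example for R2. Interface names are assumptions, not from the thread.
!
! Match only traffic that crosses between the two client subnets.
ip access-list extended force
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
route-map MAP permit 10
 ! "match ip address" tests the packet against the ACL.
 ! "match ip route-source" tests which router advertised a route, so it
 ! never matches forwarded packets and the set clause is never reached.
 match ip address force
 set ip next-hop 172.16.0.1
!
! An interface policy is evaluated only for packets RECEIVED on that interface.
interface FastEthernet0/0
 description clients in 192.168.1.0/24 (assumed port)
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map MAP
!
interface FastEthernet0/1
 description clients in 192.168.2.0/24 (assumed port)
 ip address 192.168.2.1 255.255.255.0
 ip policy route-map MAP
!
! Packets that R2 originates itself (for example a ping sourced from one of
! its own loopbacks) are not received on any interface, so the interface
! policy above never sees them. They are covered by the local policy.
ip local policy route-map MAP
!
! Do NOT apply MAP on the 172.16.0.x link towards R1. Packets returning from
! R1 still carry the same source and destination, would match the ACL again
! and be sent straight back to R1.
!
! Verification from exec mode:
!   show route-map MAP     (policy-routing match counters should increase)
!   show ip policy         (lists interfaces and "local" with their route map)
!   debug ip policy        (per-packet match / policy-routed messages)
```

If the counters in `show route-map MAP` stay at zero while pings succeed, the packets are bypassing the policy and taking the connected routes on R2, which is the symptom described in the first post.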