Route map issues
I have set up the following route map on int F0/0
Then connected a device to int F0/0 gave it an ip address of 149.100.200.10, and a DF GW of 149.100.200.200.
I can ping from this device across the router, how ever when I do
#sh route-map
i get
So the traffic is passing through the router, but my ACL and Route-map are not showing as getting hits, and the policy is not getting implemented.
Any ideas where this is going wrong.
the router in questions has
one interface pointing to the 149.100.200.x network
one pointing to the internet,
there is also a tunnel interface set up on the 172.16.10.10 network that tunnels across the internet to a remote location.
So what I am trying to achieve is any traffic to and from the 149.100.200.x network passes through he encrypted tunnel.
Cheers
PS. I can provide a diagram if needed, and should i mention this is using GNS3
FastEthernet0/0 ip address 149.100.200.200 255.255.255.0 ip policy route-map TO-HQ duplex auto speed auto ip access-list extended Remote permit ip 149.100.200.0 0.0.0.255 any log route-map To-HQ permit 10 match ip address Remote set ip next-hop 172.16.10.10
Then connected a device to int F0/0 gave it an ip address of 149.100.200.10, and a DF GW of 149.100.200.200.
I can ping from this device across the router, how ever when I do
#sh route-map
i get
route-map To-HQ, permit, sequence 10 Match clauses:
ip address (access-lists): Remote
Set clauses:
ip next-hop 172.16.10.10
Policy routing matches: 0 packets, 0 bytes
So the traffic is passing through the router, but my ACL and Route-map are not showing as getting hits, and the policy is not getting implemented.
Any ideas where this is going wrong.
the router in questions has
one interface pointing to the 149.100.200.x network
one pointing to the internet,
there is also a tunnel interface set up on the 172.16.10.10 network that tunnels across the internet to a remote location.
So what I am trying to achieve is any traffic to and from the 149.100.200.x network passes through he encrypted tunnel.
Cheers
PS. I can provide a diagram if needed, and should i mention this is using GNS3
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
Comments
-
networker050184
Mod Posts: 11,962 Mod
First I have to ask, why not just set up an IPSEC VPN and match the interesting traffic you want?An expert is a man who has made all the mistakes which can be made. -
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
no reason, just playing around with stuff
looking at different ways to achieve the same thing, IPSEC VPN been there n done it, not really played much with GRE tunnels so thought I would have some fun
I worked out what it was... the policy name i applied to the interface was TO-HQ, while the policy configured was To-HQ (with a small "o"). eye site must be getting bad.- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
networker050184
Mod Posts: 11,962 Mod
It's always something small that makes you question your sanity! You'd think they would have some kind of check in place to say it doesn't exist....An expert is a man who has made all the mistakes which can be made.
-
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
Strangely enough I was setting up an IPSEC VPN, only a few days ago and that did have checks you can't try to use an access list that does not exist. but you can it seems apply a policy that doesn't
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
xXErebuS
Member Posts: 230
no reason, just playing around with stuff
looking at different ways to achieve the same thing, IPSEC VPN been there n done it, not really played much with GRE tunnels so thought I would have some fun
I worked out what it was... the policy name i applied to the interface was TO-HQ, while the policy configured was To-HQ (with a small "o"). eye site must be getting bad.
done this a few times lol