Route map issues

DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
I have set up the following route map on int F0/0
FastEthernet0/0 ip address 149.100.200.200 255.255.255.0
 ip policy route-map TO-HQ
 duplex auto
 speed auto




ip access-list extended Remote
 permit ip 149.100.200.0 0.0.0.255 any log




route-map To-HQ permit 10
 match ip address Remote
 set ip next-hop 172.16.10.10

Then connected a device to int F0/0 gave it an ip address of 149.100.200.10, and a DF GW of 149.100.200.200.

I can ping from this device across the router, how ever when I do

#sh route-map

i get
route-map To-HQ, permit, sequence 10  Match clauses:
    ip address (access-lists): Remote
  Set clauses:
    ip next-hop 172.16.10.10
  Policy routing matches: 0 packets, 0 bytes

So the traffic is passing through the router, but my ACL and Route-map are not showing as getting hits, and the policy is not getting implemented.

Any ideas where this is going wrong.

the router in questions has
one interface pointing to the 149.100.200.x network
one pointing to the internet,
there is also a tunnel interface set up on the 172.16.10.10 network that tunnels across the internet to a remote location.

So what I am trying to achieve is any traffic to and from the 149.100.200.x network passes through he encrypted tunnel.

Cheers

PS. I can provide a diagram if needed, and should i mention this is using GNS3
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.

Comments

  • networker050184networker050184 Mod Posts: 11,962 Mod
    First I have to ask, why not just set up an IPSEC VPN and match the interesting traffic you want?
    An expert is a man who has made all the mistakes which can be made.
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    no reason, just playing around with stuff :)

    looking at different ways to achieve the same thing, IPSEC VPN been there n done it, not really played much with GRE tunnels so thought I would have some fun :)

    I worked out what it was... the policy name i applied to the interface was TO-HQ, while the policy configured was To-HQ (with a small "o"). eye site must be getting bad.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    It's always something small that makes you question your sanity! You'd think they would have some kind of check in place to say it doesn't exist....
    An expert is a man who has made all the mistakes which can be made.
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    Strangely enough I was setting up an IPSEC VPN, only a few days ago and that did have checks :) you can't try to use an access list that does not exist. but you can it seems apply a policy that doesn't :)
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • xXErebuSxXErebuS Member Posts: 230
    DevilWAH wrote: »
    no reason, just playing around with stuff :)

    looking at different ways to achieve the same thing, IPSEC VPN been there n done it, not really played much with GRE tunnels so thought I would have some fun :)

    I worked out what it was... the policy name i applied to the interface was TO-HQ, while the policy configured was To-HQ (with a small "o"). eye site must be getting bad.

    done this a few times lol
Sign In or Register to comment.