Re: Tunnel vs. Default Gateway Traffic

From: Hansang Bae (hbae@xxxxxxxxxx)
Date: Wed Jun 12 2002 - 22:40:54 GMT-3


At 04:22 AM 6/12/2002 -0500, Voss, David wrote:
>My goal is to send all traffic that matches a route in the routing table,
>though the tunnel I have created.
>Anything else (i.e. default gateway traffic) would be sent to a different
>default gateway.

Herein lies the problem. The PCs on a segment don't run a routing protocol and will therefore send everything they don't know how to reach to the default gateway.

>My policy routing statement denies www and 443 and permits all else through
>the tunnel.
>access-list 121 deny tcp any any eq www
>access-list 121 deny tcp any any eq 443
>access-list 121 permit tcp any any
>access-list 121 permit udp any any

Why not replace the last two with "ip any any" so you'll catch ICMP (and other) traffic. Also, the ACL for PBR is used to determine WHO will be policy routed.

>Tunnelled traffic works, it is sent through the tunnel. WWW and 443 work,
>they go to the default gateway (not the tunnel).
>My goal is to send ALL traffic that is destined for the default gateway, to
>NOT go through the tunnel, but to actually go to the local default gateway.
>Do you know how I can specify this?

*IF* matches are not found in policy-routing statements, it will follow the routing table.

>I already have the default gateway address set on the router, but packets
>are getting dropped if it is an ftp or telnet session to the Internet.

It would help if you posted your configs... there are other reasons that may be causing this to fail.

hsb
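The two points in the reply above (use "ip any any" so non-TCP/UDP traffic is matched, and the PBR ACL only selects which packets are policy routed; denied packets are not dropped, they follow the routing table) put together as an added IOS configuration example. This is not David's posted config or anything from the thread; the route-map name VIA-TUNNEL, the interface names Tunnel0 and FastEthernet0/0, and the next-hop address 192.0.2.1 are assumed placeholders.

```cisco
! Added example, not from the original thread. Names and addresses are assumed.
!
! ACL 121 selects WHO gets policy routed. A "deny" here does NOT drop the packet;
! the packet is simply not policy routed and follows the normal routing table.
access-list 121 remark web traffic: not policy routed, uses the routing table
access-list 121 deny   tcp any any eq www
access-list 121 deny   tcp any any eq 443
access-list 121 remark "ip any any" also matches ICMP, GRE, etc., not just TCP/UDP
access-list 121 permit ip  any any
!
! Packets permitted by ACL 121 are sent into the tunnel. Packets the route-map
! does not match (denied or unlisted) fall through to the routing table.
route-map VIA-TUNNEL permit 10
 match ip address 121
 set interface Tunnel0
!
! PBR is applied on the LAN-facing interface, i.e. the PCs' default gateway.
interface FastEthernet0/0
 ip policy route-map VIA-TUNNEL
!
! Ordinary default route used by everything that is not policy routed
! (assumed next hop 192.0.2.1).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

One caveat worth knowing when reading the thread: "set interface" / "set ip next-hop" override the routing table for every matched packet, so any Internet-bound session that ACL 121 permits (FTP, telnet, ICMP) goes into the tunnel regardless of what the routing table says. The "set default interface" / "set ip default next-hop" forms are only consulted when the routing table has no explicit (non-default) route for the destination, which is the distinction to check when deciding which traffic should stay on the local default gateway.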



This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:32 GMT-3