Re: issue with reflexive access-list

From: shekhar sharma <shekhar.sharma21_at_gmail.com>
Date: Tue, 31 Jul 2012 18:24:51 +0400

I have tried it with next-hop 150.1.1.1 too already...

still the same issue ... :(

On Tue, Jul 31, 2012 at 6:22 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> As far as I can see, 150.1.1.1 is a connected interface, but not
> 150.1.1.254. When you do a show ip route 150.1.1.254, it falls under
> 150.1.1.0/24, which is right. But that fact does not confirm if
> 150.1.1.254 is a connected and valid next hop for your PBR.
>
> Can we see the full config on R1?
>
>
> On Tue, Jul 31, 2012 at 3:08 PM, shekhar sharma <
> shekhar.sharma21_at_gmail.com> wrote:
>
>> Nops buddy...
>>
>> it is a connected interface
>>
>>
>> R1#sh ip route 150.1.1.254
>> Routing entry for 150.1.1.0/24
>> Known via "connected", distance 0, metric 0 (connected, via interface)
>> Redistributing via eigrp 100
>> Routing Descriptor Blocks:
>> * directly connected, via Loopback0
>> Route metric is 0, traffic share count is 1
>> R1#sh run itnloo
>> R1#sh run int loo
>> R1#sh run int loopback 0
>> Building configuration...
>> Current configuration : 63 bytes
>> !
>> interface Loopback0
>> ip address 150.1.1.1 255.255.255.0
>> end
>>
>> On Tue, Jul 31, 2012 at 6:03 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>
>>> Hi Shekhar,
>>>
>>> Can we see the full config please? Is the next hop (150.1.1.254) on R1
>>> or another box which is the next hop? I suspect this is the reason (and
>>> from what I see, it's working as expected).
>>>
>>> If my assumption is right, then your local-policy is not making your
>>> locally generated traffic hit the reflexive ACL (outside_in), mainly
>>> because this does not pass through the inside_in ACL, to generate an entry
>>> in the reverse direction.
>>>
>>> Anyway, hope that helps a bit.
>>>
>>> Sadiq
>>>
>>> On Tue, Jul 31, 2012 at 2:56 PM, shekhar sharma <
>>> shekhar.sharma21_at_gmail.com> wrote:
>>>
>>>> Hi guys,
>>>>
>>>>
>>>> facing some issue with reflexive access-list.
>>>>
>>>> The inbound to outbound & vice-versa restrictions are working fine....
>>>>
>>>> But not able to rectify router local generated traffic (ping & telnet)
>>>> for management......after applying local policy..
>>>>
>>>> I am missing something basic here ... kindly help..
>>>>
>>>> configs :-
>>>> 1) ip access-list extended inside_in
>>>> permit ip any any reflect test
>>>> 2) ip access-list extended outside_in
>>>> permit eigrp any any
>>>> evaluate test
>>>>
>>>> 3) ip access-list extended icmp_telnet
>>>> permit tcp any any eq telnet
>>>> permit icmp any any
>>>>
>>>> 4) #sh route-map
>>>> route-map local, permit, sequence 10
>>>> Match clauses:
>>>> ip address (access-lists): icmp_telnet
>>>> Set clauses:
>>>> ip next-hop 150.1.1.254
>>>> Policy routing matches: 119 packets, 7318 bytes
>>>>
>>>> 5) ip local policy route-map local
>>>>
>>>>
>>>>
>>>> R1#ping 150.1.3.3
>>>> Type escape sequence to abort.
>>>> Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
>>>> .....
>>>> Success rate is 0 percent (0/5)
>>>> R1#
>>>> R1#
>>>> R1#
>>>> R1#
>>>> R1#telnet 150.1.3.3
>>>> Trying 150.1.3.3 ...
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> --
>>> CCIEx2 (R&S|Sec) #19963
>>>
>>
>>
>
>
> --
> CCIEx2 (R&S|Sec) #19963

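As an added illustration (not code from the thread or from IOS), the following Python model shows the mechanism Sadiq describes: a reflexive entry is only created when a packet is permitted by the ACL line carrying `reflect test`, and `evaluate test` on outside_in only permits a packet that mirrors such an entry. The inside host 10.1.1.10 and the port numbers are constructed values; ICMP is simplified to a port-less 5-tuple.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    proto: str   # "tcp", "icmp", "eigrp"
    src: str
    dst: str
    sport: int   # 0 for port-less protocols (simplification)
    dport: int

# Reflexive ACL "test": a set of mirrored 5-tuples that outside_in will accept.
reflex_test = set()

def inside_in(pkt):
    """ACL inside_in: permit ip any any reflect test.
    Permits everything and records the mirrored tuple for the return traffic."""
    reflex_test.add((pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport))
    return True

def outside_in(pkt):
    """ACL outside_in: permit eigrp any any / evaluate test / implicit deny."""
    if pkt.proto == "eigrp":
        return True
    if (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport) in reflex_test:
        return True
    return False  # implicit deny at the end of the ACL

def transit_session(proto, src, dst, sport, dport):
    """Inside host -> outside: the outbound packet traverses inside_in,
    so the reply from the outside is matched by 'evaluate test'."""
    inside_in(Pkt(proto, src, dst, sport, dport))
    reply = Pkt(proto, dst, src, dport, sport)
    return outside_in(reply)

def router_originated_session(proto, src, dst, sport, dport):
    """R1's own ping/telnet: local PBR sets a next hop, but the packet never
    enters through an interface with inside_in applied, so no reflexive
    entry exists and the reply is dropped by outside_in."""
    reply = Pkt(proto, dst, src, dport, sport)
    return outside_in(reply)

if __name__ == "__main__":
    print("inside host telnet:", transit_session("tcp", "10.1.1.10", "150.1.3.3", 40000, 23))
    print("R1 telnet:", router_originated_session("tcp", "150.1.1.1", "150.1.3.3", 40001, 23))
    print("R1 ping:", router_originated_session("icmp", "150.1.1.1", "150.1.3.3", 0, 0))
```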
Received on Tue Jul 31 2012 - 18:24:51 ART

This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:24 ART