[128573] in North American Network Operators' Group

Re: Policy Based Routing advice

daemon@ATHENA.MIT.EDU (Andrey Khomyakov)
Thu Aug 12 15:37:09 2010

In-Reply-To: <3406A5B0-5D33-43AE-888E-271BE94D619A@gmail.com>
From: Andrey Khomyakov <khomyakov.andrey@gmail.com>
Date: Thu, 12 Aug 2010 15:33:01 -0400
To: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I don't think this will work. Here is the formal description of "set
interface" from cisco.com:

This action specifies that the packet is forwarded out of the local
interface. The interface must be a Layer 3 interface (no switchports), and
the destination address in the packet must lie within the IP network
assigned to that interface. If the destination address for the packet does
not lie within that network, the packet is dropped.


Since in my case the packets are destined to random addresses on the webz,
my understanding is that this will effectively be a drop statement for them.

But, no, I have not tried it.

On Thu, Aug 12, 2010 at 3:25 PM, Rogelio <rgamino@gmail.com> wrote:

> Have you tried "set interface" instead of "set ip"?
>
>
> Sent from my iPhone
>
> On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov <khomyakov.andrey@gmail.com>
> wrote:
>
> > I did try an extended ACL and had the same result.
> > The way I know that it's not working is that I see these packets arriving on
> > a wrong interface on the firewall and therefore being dropped.
> > I actually had to open a CR with Cisco and they verified the config and said
> > nothing is wrong with it. They are escalating and will hopefully get back to
> > me about this.
> >
> > Andrey
>



-- 
Andrey Khomyakov
[khomyakov.andrey@gmail.com]
