Access-List & Policy Routing Problem
Posted on 2008-06-19
I am wanting to do some policy routing at my company and split internet traffic out two separate ISPs. I have an older internet circuit that I have about 10 public servers hosted on. This is what employees currently use for internet. I am wanting to route employees out bound internet traffic through a new internet provider but keep any traffic to and from my public servers synchronous. I've been able to do this from my gateway router using the route-map command and route all of the traffic from my public servers out the appropriate internet circuit. The problem that I am having is once I apply the route-map command to the Ethernet interface on my router any connections from my WAN are no longer able to access my public servers internally. Essentially, any requests from the WAN to any servers in the ACL that the route-map uses are dropped at the interface that the route-map command applies too. Outside (internet) connections are accepted and obviously local LAN has no problems. The various sites in the WAN all connect to the same router that is doing the policy routing via serial interfaces. Here are the relevant parts of my config...
access-list 10 permit 10.0.2.24
access-list 10 permit 10.0.2.23
access-list 10 permit 10.0.2.22
access-list 10 permit 10.0.2.2
access-list 10 permit 10.0.2.1
access-list 10 permit 10.0.2.219
access-list 10 permit 10.0.2.217
access-list 10 permit 10.0.2.216
access-list 10 permit 10.0.2.215
access-list 10 permit 10.0.2.202
route-map public_servers permit 10
match ip address 10
set interface Ethernet0/0
set ip next-hop 10.0.2.8
ip route 0.0.0.0 0.0.0.0 10.0.2.3
Here's the interface that is doing the policy routing.......
ip address 10.0.2.10 255.255.255.0
no ip mroute-cache
no mop enabled
ip policy route-map public_servers
Thanks in advance!