Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Policy based routing issue

Avatar of DeltaR7
DeltaR7Flag for Belgium asked on
RoutersNetwork Operations
9 Comments1 Solution458 ViewsLast Modified:
Hi
i've got a problem with policy based routing.
Setup: 4 locations in Europe, MPLS. For my main location I've got a Cisco 4507, with VLANs and acting as router, connected to a cisco router (10.40.0.2, internet access through MPLS ) and a backup router (10.40.0.3, VPN site to site, direct internet access). Now, for the IT people here I would like to use the backup line ONLY for internet access.
All traffic for other sites must go over the MPLS.

As test i used my own IP 10.40.0.164

I have added following statements to the 4507:

access-list 110 remark Set DG for IT to 10.40.0.2
access-list 110 permit ip host 10.40.0.164 10.10.0.0 0.0.15.255
access-list 110 permit ip host 10.40.0.164 10.20.0.0 0.0.0.255
access-list 110 permit ip host 10.40.0.164 10.30.0.0 0.0.0.255
access-list 110 permit ip host 10.40.0.164 10.40.0.0 0.0.15.255
access-list 110 permit ip host 10.40.0.164 192.168.100.28 0.0.0.3
access-list 110 permit ip host 10.40.0.164 192.168.100.20 0.0.0.3
access-list 110 permit ip host 10.40.0.164 192.168.100.40 0.0.0.3
access-list 110 permit ip host 10.40.0.164 192.168.100.60 0.0.0.3
access-list 110 permit ip host 10.40.0.164 192.168.100.80 0.0.0.3
access-list 110 permit ip host 10.40.0.164 192.168.100.100 0.0.0.3
access-list 110 deny ip host 10.40.0.164 any
access-list 110 permit ip any any

access-list 111 description Set DG for IT to 10.40.0.3
access-list 111 permit ip any any

route-map InternetIT permit 10
 match ip address 110
 set ip next-hop 10.40.0.2

route-map InternetIT permit 20
 match ip address 111
 set ip next-hop 10.40.0.3

interface vlan 1
ip policy route-map InternetIT

the test proves to be working for me, all my internet traffic is routed to the backup router.
HOWEVER: all people connected to other VLANs than VLAN1 on my 4507 can't reach the other 3 locations any more.

Any help would much appreciated
ASKER CERTIFIED SOLUTION
Avatar of asavener
asavenerFlag of United States of America image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 9 Comments.
See Answers