Ahsan Khan (ahsank@one.net.pk) wrote:
|
| I am not sure if you have put the route map on your Ethernet interface.??
|
| !
| interface Ethernet0
| ip policy route-map proxy-redirect
| !
|
| Did you .??
No, because we're not using an Ethernet interface. We're using Fddi, so it's
applied to that :-)
Our CISCO chappie is looking again at this. I did some digging last night
(ciscos are scary beasts and I don't normally touch them!) and it seems that
an access-group we have for security reasons on that same interface is
colliding with the ip next-hop - the interface doesn't let traffic flow out
from it with a src IP address of 137.205.0.0. So the route-map is matching,
setting the next hop, the packet is duly being sent out and then dropped by
the access group.
He's having a think as to how we can rework our security stuff to avoid this
(applying it in the inverse direction to the logically opposite interface
seems like the best bet at present).
Chris
-- Chris Tilbury, IT Services, University of Warwick, Coventry, UK PHONE: 024 7652 3365 / FAX: 024 7652 2367 / MAIL: Chris.Tilbury@warwick.ac.ukReceived on Tue Jun 13 2000 - 02:33:57 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:00 MST