Policy Based Routing is not working with slb configured
I have a 7609 with a slb firewallfarm configured. It is running IOS 12.2(18)SXE3 with sup720. The firewallfarm is configured with default settings with no access parameter, only real servers configured.
All the traffic is coming from a single vlan (it's not possible to implement another layer 2 way to make the traffic pass through) and I would like to make a single flow to exit from another interface and not pass to the real servers configured on FWfarm. I wrote the following PBR statements:
!!!!!!! Begin !!!!!!!
access-list 110 permit ip host XX.XX.XX.XX any
!where XX.XX.XX.XX is an omitted IP address
route-map NEW-ROUTEMAP permit 10
match ip address 110
set ip next-hop 192.168.253.3
interface Vlan55
!vlan 55 is the interface from where the selected flows comes
ip route-cache policy
ip policy route-map NEW-ROUTEMAP
!!!!! END !!!!!!!
The route-map seems working, in fact I can see matched ACL and route-map.
The problem is the SLB seems to take all the traffic in charge, also the one I would like to route to another interface, in fact if I put my desidered output interface in monitor I can see no traffic passing through.
SLB creates the sticky entry anyway, in fact as far as I know, the SLB has the priority to static routing and route-maps.
Any idea for a workaround? Is there a way to make PBR works with SLB?
Thanks in advance.
Ric
It's possible to make pbr work with slb for further details refere to the link ,
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html
Similar Messages
-
Promemoria geolocalizzati non funzionano con iOs 7 location-based reminders do not work with iOs7
promemoria geolocalizzati non funzionano con iOs 7
location-based reminders do not work with iOs7Hi konekotron,
See this manual about using the Apple Wireless Keyboard with your iPad -
iPad User Guide
http://manuals.info.apple.com/MANUALS/1000/MA1595/en_US/ipad_user_guide.pdf
See page 25 and the section on using International Keyboards on page 125.
A similar guide for the iPhone -
iPhone User Guide
manuals.info.apple.com/MANUALS/1000/MA1565/en_US/iphone_user_guide.pdf
See page 28.
Thanks for using Apple Support Communities.
Best,
Brett L -
3845 Router do not work with NME-X23ES-1GP Interface card
Need help!
I Trying install interface card NME-X 23ES-1GP on 3845 Router. I installed this card in slot 4, but router could not communicate with this card.
IOS version in Router 12.3
Here is results show diag command:
Slot 4:
Unknown (type 1187) Port adapter
Port adapter is disabled deactivated
Port adapter insertion time unknown
EEPROM contents at hardware discovery:
Hardware Revision : 1.0
Top Assy. Part Number : 800-25011-01
Board Revision : A0
Deviation Number : 0-0
Fab Version : 03
PCB Serial Number : FOC090009VC
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : NME-X-23ES-1G-P
Version Identifier : V01
Base MAC Address : 0013.8088.9f80
MAC Address block size : 128
EEPROM format version 4
EEPROM contents (hex):
Possibly IOS release too old?Thank you for link. I read all information on this link. But I can't solve the problem.
Commands "show version" and "show flash:" show my the IOS image file version on Router (but not on interface modules). Here is Routers IOS image:
c3845-advipservicesk9-mz.123-11.T5.bin
I Can't connect to and open a session on the interface module. Command service-module interface slot/port session don't work.
What I should do next?
May is ncessarily upgrade Software on router?
Here is results show version and show flash:
BIG1#show flash:
-#- --length-- -----date/time------ path
1 29801400 Jun 28 2005 04:47:46 +00:00 c3845-advipservicesk9-mz.123-11.T5.bin
2 1651 Jun 28 2005 04:55:18 +00:00 sdmconfig-38xx.cfg
3 3085312 Jun 28 2005 04:55:40 +00:00 sdm.tar
4 763392 Jun 28 2005 04:55:56 +00:00 es.tar
5 820224 Jun 28 2005 04:56:10 +00:00 common.tar
6 1038 Jun 28 2005 04:56:24 +00:00 home.shtml
7 113152 Jun 28 2005 04:56:36 +00:00 home.tar
8 749101 Jun 28 2005 04:56:52 +00:00 256MB.sdf
9 1208320 Jun 28 2005 04:57:08 +00:00 ips.tar
27451392 bytes available (36560896 bytes used)
BIG1#show version
Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.3(11)T5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Sat 02-Apr-05 15:14 by yiyan
ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)
BIG1 uptime is 57 minutes
System returned to ROM by reload at 07:11:45 UTC Tue Jul 12 2005
System image file is "flash:c3845-advipservicesk9-mz.123-11.T5.bin"
Cisco 3845 (revision 1.0) with 223232K/38912K bytes of memory.
Processor board ID FCZ0927714C
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
4 Voice FXS interfaces
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102 -
Dynamic Configuration not working with Integrated Configuration
Hi All,
Dynamic Configuration works fine in PI 7.3 when Classical Configuration is used. However the same does not work using Integrated Configuration.
Scenario :
SOAP -->SOAP Synchronous scenario in PI 7.3 (Dual Stack).
Trying to save a value from Request mapping using dynamic configuration and use the same in response mapping.
UDF Code :
Request Mapping :
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey Variable = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "Variable1");
conf.put(Variable, a);
Response Mapping :
DynamicConfigurationKey Variable = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "Variable1" );
string1 = conf.get(Variant);
Note : Using Integrated Config(AAE Processing) - Response header does not have DynamicConfiguration header node , but Classical Configuration has that.
Regards,
Parimala
Edited by: ParimalaE on Mar 1, 2012 1:33 PMFor us this is what we had:
This didn't work (getInputParameters is the newer stuff that doesn't work):
DynamicConfiguration dc = (DynamicConfiguration)container.getInputParameters().getValue(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey dck = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP","TServerLocation");
dc.put(dck,"https://xyz.api-salesforce.com/services/Soap/c/26.0/0DFa00000008jis");
return "";
This works for us(we had to remove getInputParameters):
DynamicConfiguration dc = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey dck = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP","TServerLocation");
dc.put(dck,"https://xyz.api-salesforce.com/services/Soap/c/26.0/00D3000000001X0");
return ""; -
300N Router/Adapter not working with Satellite internet
I had previously SRX200 router and it was working fine with Satellite but recently I bought again 300N router and adapter but it's not working. It give the strong signal for few seconds and drops it rightway. Please let me know if there is something I need to do with settings.
Thanks
PaulPaul make sure that the firmware of this router is upgraded to the latest version 1.03.0, it resolves a lot of issue.
-
WRT300N Router does not working with Intel 4965AGN adapter on Wireless-N
Hi! I have recently bought the laptop Acer 5920G with Intel 4965AGN network adapter and Windows Vista. I have read that WRT300N Router is supporting Draft-N standard, so I purchased it. The router is working fine on Wireless-G 54Mbps (firmware - 2.00.17), but not on Wireless-N. I tried to enter the following settings: ssid - any non-linksys name; radio band - wide; n-channel - 9; standard channel - 11; beacon interval - 50; Fragmentation threshold - 2306; RTS threshold - 2307, but nothing has happened, connection still remains 54Mbps. How should I configure the router and network adapter to get Wireless-N?
okay... try reflashing/upgrading the firmware on the router, after reflashing the firmware on the router, reset it back to default settings and reconfigure it according to ISP settings...edit the wireless settings again, make sure that "wireless mode" should be mixed...
on the vista computer, click on start >> control panel >> network & sharing center >> manage wireless network and try removing existing wireless networks from profile and manually add wireless n/w profile according to wireless settings of the router...check whether it makes any difference or not and let me know. -
ACL not Working with Keepalive Configuration
Hi,
I have configured ACL on CSS 11506 with software version 07.50.1_03.0 .After configuring we observed in show keepalive-summary all Server serivce are up except the App server service where keepalive type TCP & Port is configured we tried by removing keepalive configuration from App server afterwhich it is working fine does any specfic port needs to be allowed in ACL for Keepalive.Below is the conifguration which is done CSS.
acl enable
acl log enable
acl 1
clause 1 permit tcp any destination any eq 8080
clause 2 permit tcp any destination any eq 80
clause 3 permit tcp any destination any eq 443
clause 4 permit any any destination 224.0.0.18
clause 5 permit icmp any destination any
apply all
service WEBSERVER 1
ip address 1.1.1.11
redundant-index 1
protocol tcp
port 80
active
service WEBSERVER 2
ip address 1.1.1.12
redundant-index 2
protocol tcp
port 80
active
service APP1
ip address 1.1.2.11
redundant-index 10
Keepalive type tcp
Keepalive port 8080
active
service APP2
ip address 1.1.2.12
redundant-index 11
Keepalive type tcp
Keepalive port 8080
activeHi,
Thanks for reply kindly find the below required output & let me your views.
CSS11506_Backup# sh keepalive-sum
Keepalives:
AUTO_nexthop00001 State: Alive 1.1.3.1
AUTO_nexthop00002 State: Alive 1.1.3.1
AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
AUTO_WEBSERVER-01 State: Alive 1.1.4.6
AUTO_WEBSERVER-02 State: Alive 1.1.4.7
AUTO_chk-con-pix103 State: Alive 1.1.3.4
AUTO_chk-con-pix225 State: Alive 1.1.3.17
AUTO_chk-con-web104 State: Alive 1.1.4.5
AUTO_chk-con-web224 State: Alive 1.1.1.18
AUTO_chk-con-pix227 State: Alive 1.1.4.4
AUTO_chk-con-app226 State: Alive 1.1.2.4
AUTO_SEZAPP1 State: Down 1.1.2.11
AUTO_SEZAPP2 State: Dying 1.1.2.12
AUTO_nexthop00005 State: Alive 1.1.4.1
CSS11506_Backup# sh keepalive-sum
Keepalives:
AUTO_nexthop00001 State: Alive 1.1.3.1
AUTO_nexthop00002 State: Alive 1.1.3.1
AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
AUTO_WEBSERVER-01 State: Alive 1.1.4.6
AUTO_WEBSERVER-02 State: Alive 1.1.4.7
AUTO_chk-con-pix103 State: Alive 1.1.3.4
AUTO_chk-con-pix225 State: Alive 1.1.3.17
AUTO_chk-con-web104 State: Alive 1.1.4.5
AUTO_chk-con-web224 State: Alive 1.1.1.18
AUTO_chk-con-pix227 State: Alive 1.1.4.4
AUTO_chk-con-app226 State: Alive 1.1.2.4
AUTO_SEZAPP1 State: Down 1.1.2.11
AUTO_SEZAPP2 State: Down 1.1.2.12
AUTO_nexthop00005 State: Alive 1.1.4.1
CSS11506_Backup# sh keepalive
Keepalives:
Name: AUTO_nexthop00001 Index: 0 State: Alive
Description: Auto generated for service nexthop00001
Address: 1.1.3.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
nexthop00001
Name: AUTO_nexthop00002 Index: 1 State: Alive
Description: Auto generated for service nexthop00002
Address: 1.1.3.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
nexthop00002
Name: AUTO_-WEBSERVER-03 Index: 2 State: Down
Description: Auto generated for service -WEBSERVER-03
Address: 1.1.1.11 Port: 80
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
-WEBSERVER-03
Name: AUTO_-WEBSERVER-04 Index: 3 State: Down
Description: Auto generated for service -WEBSERVER-04
Address: 1.1.1.12 Port: 80
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
-WEBSERVER-04
Name: AUTO_WEBSERVER-01 Index: 4 State: Alive
Description: Auto generated for service WEBSERVER-01
Address: 1.1.4.6 Port: 80
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
WEBSERVER-01
Name: AUTO_WEBSERVER-02 Index: 5 State: Alive
Description: Auto generated for service WEBSERVER-02
Address: 1.1.4.7 Port: 80
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
WEBSERVER-02
Name: AUTO_chk-con-pix103 Index: 6 State: Alive
Description: Auto generated for service chk-con-pix103
Address: 1.1.3.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.3.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix103
Name: AUTO_chk-con-pix225 Index: 7 State: Alive
Description: Auto generated for service chk-con-pix225
Address: 1.1.3.17 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.3.17"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix225
Name: AUTO_chk-con-web104 Index: 8 State: Alive
Description: Auto generated for service chk-con-web104
Address: 1.1.4.5 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.4.5"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-web104
Name: AUTO_chk-con-web224 Index: 9 State: Alive
Description: Auto generated for service chk-con-web224
Address: 1.1.1.18 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.1.18"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-web224
Name: AUTO_chk-con-pix227 Index: 10 State: Alive
Description: Auto generated for service chk-con-pix227
Address: 1.1.4.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.4.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix227
Name: AUTO_chk-con-app226 Index: 11 State: Alive
Description: Auto generated for service chk-con-app226
Address: 1.1.2.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.2.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-app226
Name: AUTO_APP1 Index: 12 State: Down
Description: Auto generated for service APP1
Address: 1.1.2.11 Port: 8080
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
APP1
Name: AUTO_APP2 Index: 13 State: Down
Description: Auto generated for service APP2
Address: 1.1.2.12 Port: 8080
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
APP2
Name: AUTO_nexthop00005 Index: 14 State: Alive
Description: Auto generated for service nexthop00005
Address: 1.1.4.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: -
Does icmp redirect work with policy based route
Setup:
R1 and R2 on same ip net.
On R1 policy based route is configured with R2 as next hop.
Will R1 send icmp redirect (to use R2 instead) to those hosts that match the policy based routing ?
Thanks.
Gert SchaarupHI Gert,
The answer to your question is yes. I have verified this in a lab previously. As long as all the conditions for ICMP redirect have been met (source address on same net, best gateway on same net) then ICMP redirects are sent regardless of whether PBR or normal routing is being used.
Hope that helps - pls rate the post if it does.
Paresh -
PBR is not working with ip slb configured
I have a 7609 with a slb firewallfarm configured. It is running IOS 12.2(18)SXE3 with sup720. The firewallfarm is configured with default settings with no access parameter, only real servers configured.
All the traffic is coming from a single vlan (it's not possible to implement another layer 2 way to make the traffic pass through) and I would like to make a single flow to exit from another interface and not pass to the real servers configured on FWfarm. I wrote the following PBR statements:
!!!!!!! Begin !!!!!!!
access-list 110 permit ip host XX.XX.XX.XX any
!where XX.XX.XX.XX is an omitted IP address
route-map NEW-ROUTEMAP permit 10
match ip address 110
set ip next-hop 192.168.253.3
interface Vlan55
!vlan 55 is the interface from where the selected flows comes
ip route-cache policy
ip policy route-map NEW-ROUTEMAP
!!!!! END !!!!!!!
The route-map seems working, in fact I can see matched ACL and route-map.
The problem is the SLB seems to take all the traffic in charge, also the one I would like to route to another interface, in fact if I put my desidered output interface in monitor I can see no traffic passing through.
SLB creates the sticky entry anyway, in fact as far as I know, the SLB has the priority to static routing and route-maps.
Any idea for a workaround? Is there a way to make PBR works with SLB?
Thanks in advance.
RicThanks Gilles.
I was thinking about create a new firewallfarm like this:
!Begin
ip slb firewallfarm NEWONE
inservice
access source XX.XX.XX.XX 255.255.255.255
real 192.168.253.3
inservice
! End
Theoretically the FWLB should do the same work the PBR was supposed to do.
How will the IOS choose the right firewallfarm to apply? Do you think it will work?
In this way I can do the same job without re-testing the new IOS for the production environment.
Thanks in advance,
Ric -
Policy Based Routing with VPN Client configuration
Hi to all,
We have a Cisco 2800 router in our company that also serves as a VPN server. We use the VPN Client to connect to our corporate network (pls don't laugh, I know that it is very obsolete but I haven't had the time lately to switch to SSL VPN).
The router has two WAN connections. One is the primary wan ("slow wan" link with slower upload 10D/1U mbps) and it is used for the corporate workstations used by the emploees. The other is our backup link. It has higher upload speed - 11D/11U mbps, (fast wan), and thus we also use the high upload link for our webserver (I have done this using PBR just for the http traffic from the webserver). For numerous other reasions we can not use the `fast wan` connection as our primary connection and it is used anly as a failover in case the primary link fails.
The `fast wan` also has a static IP address and we use this static IP for the VPN Client configuration.
Now the thing is that because of the failover, when we connect from the outside using the VPN Client, the traffic comes from the`fast wan` interface, but exits from the `slow wan` interface. And because the `slow wan` has only 1mbps upload the vpn connection is slow.
Is there any way for us to redirect the vpn traffic to always use the `fast wan` interface and to take advantage of the 11mbps upload speed of that connection?
This is our sanitized config
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group dc
key ***
dns 192.168.5.7
domain corp.local
pool SDM_POOL_1
acl 101
max-users 3
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group dc
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
interface Loopback0
ip address 10.10.10.1 255.255.255.0
interface FastEthernet0/0
description *WAN*
no ip address
ip mtu 1396
duplex auto
speed auto
interface FastEthernet0/0.3
description FAST-WAN-11D-11U
encapsulation dot1Q 3
ip address 88.XX.XX.75 255.255.255.248
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
interface FastEthernet0/0.4
description SLOW-WAN-10D-1U
encapsulation dot1Q 4
ip address dhcp
ip nat outside
ip virtual-reassembly
no cdp enable
interface FastEthernet0/1
description *LOCAL*
no ip address
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1.10
description VLAN 10 192-168-5-0
encapsulation dot1Q 10
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly max-reassemblies 32
no cdp enable
interface FastEthernet0/1.20
description VLAN 20 10-10-0-0
encapsulation dot1Q 20
ip address 10.10.0.254 255.255.255.0
ip access-group PERMIT-MNG out
ip nat inside
ip virtual-reassembly
!!! NOTE: This route map is used to PBR the http traffic for our server
ip policy route-map REDIRECT-VIA-FAST-WAN
no cdp enable
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Virtual-Template3
no ip address
interface Virtual-Template4
no ip address
ip local pool SDM_POOL_1 192.168.5.150 192.168.5.152
ip forward-protocol nd
!!! SLOW-WAN NEXT HOP DEFAULT ADDRESS
ip route 0.0.0.0 0.0.0.0 89.XX.XX.1 5
!!! FAST-WAN NEXT HOP DEFAULT ADDRESS
ip route 0.0.0.0 0.0.0.0 88.XX.XX.73 10
ip nat inside source route-map FAST-WAN-NAT-RMAP interface FastEthernet0/0.3 overload
ip nat inside source route-map SLOW-WAN-NAT-RMAP interface FastEthernet0/0.4 overload
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
ip access-list extended FAST-WAN-NAT
permit tcp 192.168.5.0 0.0.0.255 range 1025 65535 any
permit udp 192.168.5.0 0.0.0.255 range 1025 65535 any
permit icmp 192.168.5.0 0.0.0.255 any
permit tcp 10.10.0.0 0.0.0.255 range 1025 65535 any
permit udp 10.10.0.0 0.0.0.255 range 1025 65535 any
permit icmp 10.10.0.0 0.0.0.255 any
ip access-list extended REDIRECT-VIA-FAST-WAN
deny tcp host 10.10.0.43 eq 443 9675 192.168.5.0 0.0.0.255
permit tcp host 10.10.0.43 eq 443 9675 any
ip access-list extended SLOW-WAN-NAT
permit ip 192.168.5.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.255 any
route-map FAST-WAN-NAT-RMAP permit 10
match ip address FAST-WAN-NAT
match interface FastEthernet0/0.3
route-map REDIRECT-VIA-FAST-WAN permit 10
match ip address REDIRECT-VIA-FAST-WAN
set ip next-hop 88.XX.XX.73
route-map SLOW-WAN-NAT-RMAP permit 10
match ip address SLOW-WAN-NAT
match interface FastEthernet0/0.4Can you try to use PBR Match track object,
Device(config)# route-map abc
Device(config-route-map)# match track 2
Device(config-route-map)# end
Device# show route-map abc
route-map abc, permit, sequence 10
Match clauses:
track-object 2
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Additional References for PBR Match Track Object
This feature is a part of IOS-XE release 3.13 and later.
PBR Match Track Object
Cisco IOS XE Release 3.13S
The PBR Match Track Object feature enables a device to track the stub object during Policy Based Routing.
The following commands were introduced or modified: match track tracked-obj-number
Cheers,
Sumit -
My itunes 11 Home sharing is not working with my windows 7 PC and iPad it shows up on iPad and when I go to share the music app does loading for 3 mins and crashes I am using a virgin super hub router please please please help
My itunes 11 Home sharing is not working with my windows 7 PC and iPad it shows up on iPad and when I go to share the music app does loading for 3 mins and crashes I am using a virgin super hub router please please please help
-
Graphite base station not working with my Intel Based Mac Mini and iPhone.
My Airport Express died after 2 years of use. I had to resort to plugging in my old but still functioning Graphite Airport base station. Since the set up assisant on my Mac mini does not work with the older base station, I used my G4 400 tower to set it up. I got it working and tested the connection. On to testing my iPhone. It sees the new network. Password is entered and the wifi icon shows full signal strength, but does not connect to the web. Next I try my Mac mini out on the new network and it too sees the network, but does not connect to the web. I double check the older G4 and the connection is still strong and fast. I shut the G4 down thinking that maybe the Graphite can only support one computer at a time, and the Mac mini and iPhone still can't connect to the web. I'm not sure what to do with this one. Is there a setting that I need to use? As far as security goes, the Graphite base station was set up with a WEP password. Any help would be great
Message was edited by: SorianoI suggest using AirPort Admin Utility (version 4.2) to check the base station settings and change them, if necessary. (AirPort Admin Utility should be able to configure a Graphite base station from a computer running Mac OS X 10.4, even though AirPort Setup Assistant can't.)
In the Network pane of AirPort Admin Utility, please make sure that "Distribute IP addresses" and "Share a single IP address (using DHCP and NAT)" are checked, and that everything else is unchecked. I am assuming that the Graphite is the only router in your local network and that there are no computers connected via Ethernet.
The Access Control pane of AirPort Admin Utility should list either all of the relevant AirPort ID's or nothing. You can find the AirPort ID of an OS X computer by looking at System Preferences>Network>Show:AirPort>AirPort.
The Internet pane of AirPort Admin Utility should be set in accordance with your Internet provider's requirements. Most likely, it should be set to Connect Using:Ethernet and Configure:Using DHCP.
After verifying the settings, power down the computers, base station and cable or DSL modem for a few minutes, then start them up sequentially, leaving time for each to get fully up and running: first the modem, then the base station, and finally the computers.
The network preferences on the Mac Mini and the iPhone are also relevant. I assume that the preferences are unchanged from those that worked with the AirPort Express.
I hope this helps. -
you must have connected the Time Capsule with a router that does not work with my direct cable from my ISP
I tried to answer in your other post.. please stick to one thread ..
What method of internet do you have.. is this fibre install.. if so the TC should just plug in and use dhcp in router mode.. press and hold the reset and it will go back to router mode by default. -
Printer not working with new router
I have a new router and my laptop with Windows XP is working Ok
My printer Deskjet 3520 network test result shows successful setup But it does not print when laptop requests
What can I doHi @Jobrig,
Welcome to the HP Forums!
I see that your HP Deskjet 3520 is not working with your new router, and I am happy to help with this connection issue!
For further assistance, I will need to know: if you are using a Windows or Mac Operating System, and the version number. To find the exact version, visit this link. Whatsmyos, and if the printer is able to make copies.
In the meantime, please see the following:
This printing guide, Print Jobs are Stuck in the Print Queue.
This website, HP Wireless Printing Center, may also help.
Hope these guides will help you, and thank you for posting!
RnRMusicMan
I work on behalf of HP
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" to say “Thanks” for helping! -
Safari could not open the page on my new ipad mini's because the server stopped responding- new ipad mini's (2 from separate places) are not working with At & T router but computers work fine. Yesterday I got it to work. Weird. Can you please help me. I've tried everything. Thanks ya'll!
Hello SavannahSweetie,
I was looking into the issue you are desribing, and found a great article for troubleshooting wifi connections with iOS devices. It's called iOS: Troubleshooting Wi-Fi networks and connections and can be found here: http://support.apple.com/kb/ts1398.
Start with this section, and work your way down if needed.
Basic troubleshooting
Tap Settings > Wi-Fi and turn Wi-Fi off and then on again.
Verify that you are in range of your Wi-Fi router or base station.
Confirm that your Wi-Fi router and Cable/DSL modem are connected to power and turned on.
Check whether other devices (portable computers, for example) are able to connect to the Wi-Fi network and access the Internet.
Update your Wi-Fi router to the latest firmware.For AirPort Base Stations, refer to this article for information about firmware updates. For third-party Wi-Fi routers, check the manufacturer's website for details on updating your firmware.
Restart your iOS deviceHold the On/Off button until "slide to power off" appears. Slide to power off your device. When it is off, press the On/Off button to turn it back on.
All the best,
Sterling
Maybe you are looking for
-
Create a photo page and have the photo's link to other internal pages
really basic quesiton, sorry but I can't do this for some reason. I created a photo page that is going to be a menu page to link to some internal pages. for some reason the Enable as a Hyperlink is greyed out and I can't click on it to make the image
-
i got a new ipod touch and i need to sync it so that i can get the songs that are on my old ipod touch but i don't know how to sync my old ipod to the itunes on my mac. i deauthorized my old computer so i havent had an itunes
-
Complex Oracle Streams issue - Update conflicts
This is for Oracle streams replication on 11g r2. I am facing update conflicts in a table. The conflict arise due to technical and business logic issue. The business logic will pass through the replication/apply process successfully but we want to ar
-
I have been reading discussions all over the internet about moving from iPhoto 11 to LR4, understanding that I might lose the Albums and Keywords from iPhoto depending upon the method of transfer. I stopped in the local Apple store today and spoke w
-
Can't use HTML in XML tags anymore?
I've noticed with 1.1 that HTML that worked in an XML tag in 1.0 no longer displays. Spry seems to be taking what is in the tags as a literal string. For the most part, I've been able to work around this, however, I'm running into some issues now whe