From: Igor Mamuzic on
When my router A routes locally generated icmp packets (local PBR) it always
puts ip address of its interface fa1 as the source address for those PBR
routed packets. Traffic is policy routed through tunnel interface 0 using
next hop of router B's tunnel interface 0. This is what I want to accomplish
and it works, but I noticed that router A always generates packets with
source IP address of its fa1 interface. Now, I'm curious why is that so...

Router A:
int fa1
ip add 10.0.0.2
!
int vlan 2
description GRE tunnel source
ip add 10.0.0.10
crypto-map vpn
!
int tunnel 0
description GRE with router B
ip add 172.168.1.1
tunnel-source vlan 2
tunnel-destination 10.0.0.14
!
ip route 0.0.0.0 0.0.0.0 fa1
ip local policy route-map tracker
!
route-map tracker permit
match ip add 171
set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
!
access-list 171 permit icmp any host 195.29.150.3 echo

Router B config is irrelevant because debug ip policy on router A shows that
there is always fa1 ip address used as the source for locally generated
traffic. Now if I want to be able to ping 195.29.150.3 from router A I need
to put static route to router A's fa1 interface address on router B which is
something that I would like to avoid.

Regards,
Igor

From: Thrill5 on
The router will use as the source ip address, the interface that the router
will use to send the packet. I don't know how PBR affects this. This is
true for any packets or TCP connections initiated by the router. For some
connections, you can specify the source IP (TACACS, SNMP, NTP, etc), for
others you can't (TFTP, telnet).

You can specify the source IP used by pings. Enter "ping" without any
arguments and answer the prompts. When it asks "Extended commands [n]" enter
"y". The next prompt will be for the source address. You can specify an
interface name or an interface ip address.


"Igor Mamuzic" <igor.mamuzicMAKNI_TO(a)zg.t-com.hr> wrote in message
news:ghlg1h$13f$1(a)ss408.t-com.hr...
> When my router A routes locally generated icmp packets (local PBR) it
> always puts ip address of its interface fa1 as the source address for
> those PBR routed packets. Traffic is policy routed through tunnel interface
> 0 using next hop of router B's tunnel interface 0. This is what I want to
> accomplish and it works, but I noticed that router A always generates
> packets with source IP address of its fa1 interface. Now, I'm curious why
> is that so...
>
> Router A:
> int fa1
> ip add 10.0.0.2
> !
> int vlan 2
> description GRE tunnel source
> ip add 10.0.0.10
> crypto-map vpn
> !
> int tunnel 0
> description GRE with router B
> ip add 172.168.1.1
> tunnel-source vlan 2
> tunnel-destination 10.0.0.14
> !
> ip route 0.0.0.0 0.0.0.0 fa1
> ip local policy route-map tracker
> !
> route-map tracker permit
> match ip add 171
> set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
> !
> access-list 171 permit icmp any host 195.29.150.3 echo
>
> Router B config is irrelevant because debug ip policy on router A shows
> that there is always fa1 ip address used as the source for locally
> generated traffic. Now if I want to be able to ping 195.29.150.3 from
> router A I need to put static route to router A's fa1 interface address on
> router B which is something that I would like to avoid.
>
> Regards,
> Igor
>


From: Igor Mamuzic aka Pseto on
ok I discovered that it always uses IP address of the interface with default
route as source IP address for locally generated packets;) Until now I
thought that router will always use IP address of egress interface as a
source ip until configured to not do so. Is there any logical explanation
about this?

Igor



From: Dan Lanciani on
In article <ghr9eu$p9g$1(a)ss408.t-com.hr>, igor.mamuzicMAKNI_TO(a)zg.t-com.hr (Igor Mamuzic aka Pseto) writes:

| ok I discovered that it always uses IP address of the interface with default
| route as source IP address for locally generated packets;) Until now I
| thought that router will always use IP address of egress interface as a
| source ip until configured to not do so. Is there any logical explanation
| about this?

I believe the router typically uses as a source address the primary address
of the interface that would hypothetically be the egress interface under
normal routing rules. It does not "pre run" any other code (e.g., route
maps) that could result in a different egress interface. Even in some
simple cases you can get undesirable effects. For example, if the interface
is chosen because of the route installed for a secondary address the router
still uses the primary address as source. In many cases where it matters
at all this is not the address you want...

Dan Lanciani
ddl(a)danlan.*com
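
A small model of the selection order described in the replies above, run against router A's posted config. It is an added example, not part of any post in the thread and not Cisco code; the prefix lengths, the function names and the reduction of access-list 171 to a protocol/destination match are assumptions.

```python
import ipaddress

# Constructed model of router A. Prefix lengths are assumptions: the posted
# config lists addresses without masks.
INTERFACES = {
    "fa1": {"primary": "10.0.0.2", "connected": "10.0.0.0/29"},
    "vlan2": {"primary": "10.0.0.10", "connected": "10.0.0.8/29"},
    "tunnel0": {"primary": "172.168.1.1", "connected": "172.168.1.0/30"},
}
STATIC_ROUTES = [("0.0.0.0/0", "fa1")]  # ip route 0.0.0.0 0.0.0.0 fa1
# route-map tracker + access-list 171: ICMP echo to host 195.29.150.3
LOCAL_POLICY = [{"proto": "icmp", "dst": "195.29.150.3", "next_hop": "172.168.1.2"}]


def rib_lookup(dst):
    """Longest-prefix match over connected and static routes; returns the interface."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(i["connected"]), n) for n, i in INTERFACES.items()]
    routes += [(ipaddress.ip_network(p), n) for p, n in STATIC_ROUTES]
    matches = [(net.prefixlen, name) for net, name in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches)[1]


def originate(proto, dst, source_interface=None):
    """Build a locally generated packet in the order the replies describe."""
    # 1. Source = primary address of the interface normal routing would pick,
    #    unless the operator names one (the extended ping prompt).
    src = INTERFACES[source_interface or rib_lookup(dst)]["primary"]
    # 2. Local policy routing then changes only where the packet is sent.
    egress, next_hop = rib_lookup(dst), None
    for rule in LOCAL_POLICY:
        if (rule["proto"], rule["dst"]) == (proto, dst):
            next_hop = rule["next_hop"]
            egress = rib_lookup(next_hop)
            break
    return {"src": src, "egress": egress, "next_hop": next_hop}


if __name__ == "__main__":
    print(originate("icmp", "195.29.150.3"))             # policy-routed ping
    print(originate("icmp", "195.29.150.3", "tunnel0"))  # source chosen by operator
```

In the first result the packet leaves through tunnel0 but still carries 10.0.0.2, which is the mismatch that forces the return route on router B; naming the tunnel as source removes it.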