One is installing a static route the other is policy based routing. Although the end result is the same, the packets makes it to the destination, the logic is very different.
policy-based routing should not be the norm for fixing things. It should be the one off approach. Use the reverse-route option on the dynamip map more typically. Also with PBR you need to apply the route-map to both local and interface based on the source of the traffic whereas the reverse-route will take care of both. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran Sent: Tuesday, June 01, 2010 12:27 PM To: Jimmy Larsson; OSL Security Subject: Re: [OSL | CCIE_Security] Routing when doing IOS L2L Hello Jimmy, Yeah it works with route-maps too :) ip access-list extended VPN_ACL permit ip host 1.1.1.1 host 2.2.2.2 ip local-policy route-map VPN_ROUTE_MAP ( To allow the route-map to match locally generated traffic ) route-map VPN_ROUTE permit 10 match ip address VPN_ACL set ip next-hop 172.16.1.1 ( setting the next hop to the fa 0/0 interface, so that the packets get processed as packets to be encrypted ) As far as the difference between the 2 commands, i'm not sure. Must look it up :) Hope this helps! Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
