Hmmm... The reason I recommended that is because I think I remember reading somewhere that the "set ip" command does not work on point-to-point interfaces. The outbound interface in your config has a /30 assigned to it so maybe it is seeing it as a p-t-p interface?
Do you have a "less preferred" route via that interface for the destination IPs? If not, I don't think your PBR will work either.

Sent from my iPhone

On Aug 12, 2010, at 3:33 PM, Andrey Khomyakov <[email protected]> wrote:

> I don't think this will work. Here is the formal description of "set
> interface" from cisco.com:
>
> This action specifies that the packet is forwarded out of the local
> interface. The interface must be a Layer 3 interface (no switchports), and
> the destination address in the packet must lie within the IP network
> assigned to that interface. If the destination address for the packet does
> not lie within that network, the packet is dropped.
>
> Since in my case the packets are destined to random addresses on the webz,
> my understanding is that this will effectively be a drop statement for them.
>
> But, no, I have not tried it.
>
> On Thu, Aug 12, 2010 at 3:25 PM, Rogelio <[email protected]> wrote:
>
>> Have you tried "set interface" instead of "set ip"?
>>
>> Sent from my iPhone
>>
>> On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov <[email protected]>
>> wrote:
>>
>>> I did try an extended ACL and had the same result.
>>> The way I know that it's not working is that I see these packets arriving on
>>> a wrong interface on the firewall and therefore being dropped.
>>> I actually had to open a CR with Cisco and they verified the config and said
>>> nothing is wrong with it. They are escalating and will hopefully get back to
>>> me about this.
>>>
>>> Andrey
>
> --
> Andrey Khomyakov
> [[email protected]]

