i have a problem on configuring a PBR to let a server use as next hop a remote site connected by a GRE tunnel.
The layout is:
LAN ---- (vlan1) Router1 (Tunnel624) ---------GRE---------(Tunnel624) Router2
The objective is to PAT a server (172.18.2.100) located in my LAN on Router2 using his data line.
Router 1 config is:
ip address 172.26.252.25 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination "public R2 IP address"
ip address 172.18.2.254 255.255.255.0
ip nat inside
ip policy route-map PBR
ip access-list extended PBR
permit ip host 172.18.2.100 any log
route-map PBR permit 10
match ip address PBR
set ip next-hop 172.26.252.26!
On Router2 the configuration is the following:
ip address 172.26.252.26 255.255.255.252
ip nat inside
tunnel source Loopback0
tunnel destination "public R1 IP address"!
ip address "public R2 IP address"
ip nat outside
no cdp enable!
ip route 172.18.2.0 255.255.255.0 172.26.252.25
ip nat inside source static tcp 172.18.2.100 80 "public R2 IP address" 80 extendable
R2 and the server LAN can communicate perfectly.
The problem is that no requests are received by the server if they comes from the "public R2 IP address".
On R1 a "debug ip packets" gives the following "access denied" even if no access lists on the involved interfaces are configured.*May 7 12:03:35.683: IP: tableid=0, s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), routed via FIB
*May 7 12:03:35.687: IP: s="My Public IP" (Tunnel624), d=172.18.2.100 (Vlan1), len 48, access denied*May 7 12:03:35.687: TCP src=50359, dst=80, seq=1253016140, ack=0, win=8192 SYN
Have you any idea?