route map for router generated traffic doesn't fully work

Hi, I'm trying to achieve the following:

- 10.2.2.2 polls the router via snmp

- The router does not have a route to 10.2.2.2 in the routing table

- Use policy routing so that router generated traffic can be routed to 10.2.2.2 via 10.1.1.2

I have defined a route map as follows, but strangely it seems that when I snmp query from 10.2.2.2 to the router, the snmp response from the router cannot get back to 10.2.2.2. When I telnet or ssh from 10.2.2.2 to the router, the route map is used and the router generated traffic (telnet, ssh) gets back with no problems. If I remove the route map and put a static route to 10.2.2.2 in the routing table, everything including the snmp response gets back to 10.2.2.2. Doesn't the statement "match ip address mylist" already match the snmp response from the router? What am I missing here?

BTW, one thing I've found confusing is I had to explicitly permit traffic to the router with "access-list 100 permit ip host 10.2.2.2 any", or else ssh would not work. Isn't traffic TO the router not affected by ACLs?

TIA.

interface lo0
 ip address 1.1.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface fa0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed auto
 no cdp enable
!
ip local policy route-map mymap

access-list 100 permit ip host 10.2.2.2 any
access-list 100 deny ip any any

route-map mymap permit 10
 match ip address mylist
 set ip next-hop 10.1.1.2
!
ip access-list extended mylist
 permit ip any host 10.2.2.2
!

Centaury
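
An added example, not part of the original post: a minimal model of extended-ACL first-match evaluation, run over the two lists from the posted configuration. It models only source/destination address matching with the implicit deny, not how IOS applies local policy to a given process; the 10.3.3.3 source and the function names are constructed for illustration.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return (0, 0xFFFFFFFF)                      # (address, wildcard bits)
    if t == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(t)),
            int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_entry(line):
    """Parse 'permit|deny ip <src> <dst>' (the only form used in the post)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported entry: " + line)
    return action, _take_addr(tokens), _take_addr(tokens)

def _hit(spec, addr):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    base, wild = spec
    a = int(ipaddress.IPv4Address(addr))
    return (a | wild) == (base | wild)

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching entry, else implicit deny."""
    for line in acl_lines:
        action, s, d = parse_entry(line)
        if _hit(s, src) and _hit(d, dst):
            return action
    return "deny"

# The two lists exactly as posted.
ACL_100 = ["permit ip host 10.2.2.2 any", "deny ip any any"]   # inbound on fa0/0
MYLIST = ["permit ip any host 10.2.2.2"]                       # route-map match

if __name__ == "__main__":
    # Constructed sample packets: (description, src, dst)
    for desc, src, dst in [
        ("snmp request to router", "10.2.2.2", "10.1.1.1"),
        ("other host to router", "10.3.3.3", "10.1.1.1"),
    ]:
        print(desc, "-> ACL 100 inbound:", evaluate(ACL_100, src, dst))
    # A reply sourced from either router address is matched by mylist.
    for src in ("10.1.1.1", "1.1.1.1"):
        print("reply from", src, "-> mylist:", evaluate(MYLIST, src, "10.2.2.2"))
```

A "deny" result from `MYLIST` means only that the route-map clause is not matched, so the packet follows the normal routing table.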