I have configured a 3448 with EFP as a SIP transparent proxy. This router has two WAN connections and is using PBR to send VLAN1 (Data) to the Cox cable connection and VLAN10 (Voice) to the Windstream T1. Currently when connecting laptop to each VLAN the packets follow the correct route to proper ISP. However when looking at the phones registration information in the PBX, all phones still register with the public address from the wrong ISP. Media-Gateway ip primary is enabled on all interfaces and I cannot figure out why the SIP packets will not follow the PBR. I have attached the running config, Help!
I've used a similar setup with multiple WAN and LAN connections with a similar result. I ended up getting it operational by separating the WAN policy-classes.
interface eth 0/1
description Voice_Primary_Data_Backup
ip address x.x.x..169 255.255.255.248
ip packet-capture 1CAPTURE
ip mtu 1500
ip access-policy Public
media-gateway ip primary
traffic-shape rate 10M
max-reserved-bandwidth 95
qos-policy out VOIP-OUT
no awcp
no shutdown
!
!
interface eth 0/2
description Data_Primary_Voice_Backup
ip address x.x.x.9 255.255.255.248
ip packet-capture 1CAPTURE
ip mtu 1500
ip access-policy Public2
media-gateway ip primary
traffic-shape rate 1.5M
max-reserved-bandwidth 95
qos-policy out VOIP-OUT
no awcp
no shutdown
!
interface vlan 10
ip address 192.168.1.1 255.255.255.0
ip access-policy Private
media-gateway ip primary
no awcp
no shutdown
!
!
interface vlan 20
ip address 192.168.15.1 255.255.255.0
ip access-policy Private2
media-gateway ip primary
no awcp
no shutdown
!
ip policy-class Private
allow list DEVICE self
nat source list NAT-ICS interface eth 0/2 overload policy Public2
nat source list NAT-ICS interface eth 0/1 overload policy Public
!
ip policy-class Private2
allow list DEVICE self
nat source list NAT-ICS interface eth 0/1 overload policy Public
nat source list NAT-ICS interface eth 0/2 overload policy Public2
!
ip policy-class Public
allow list SSMANG self
allow list SS-SBC self
!
ip policy-class Public2
allow list SSMANG self
allow list SS-SBC self
!
ip route 0.0.0.0 0.0.0.0 x.x.x.174 PING1
ip route 0.0.0.0 0.0.0.0 x.x.x.14 100
ip route x.x.200.0 255.255.248.0 x.x.x.14 PING2
Where the .14 interface is the gateway for the .9 public IP on eth 0/2 and NATs out that interface destined for the x.x.200.0 network. The important part is the Public and Public 2 after the overload statements. I've setup multiple routers using this policy based routing and it's been working perfectly.
Hope this helps