8.4 Policy Routing

In my opinion SG is wrong. SG does not take control over "fiel transfers" traffic only, wich is FTP and FTP-DATA, going and coming from VL43 and VL367, see my config. Please your comments.

R1:

ip access-list extended VL43-367

 permit tcp 139.1.0.0 0.0.0.255 204.12.1.0 0.0.0.255 eq ftp

 permit tcp 139.1.0.0 0.0.0.255 204.12.1.0 0.0.0.255 eq ftp-data

 permit tcp 139.1.0.0 0.0.0.255 eq ftp 204.12.1.0 0.0.0.255

 permit tcp 139.1.0.0 0.0.0.255 eq ftp-data 204.12.1.0 0.0.0.255

route-map PBR permit 10

 match ip add VL43-367

 match lenght 1251 1500

 set interface Serial1/3

int fa0/0

ip policy route-map PBR

-----------------------------------------

R5:

ip access-list extended VL43-367

 permit tcp 204.12.1.0 0.0.0.255 139.1.1.0 0.0.0.255 eq ftp

 permit tcp 204.12.1.0 0.0.0.255 139.1.1.0 0.0.0.255 eq ftp-data

 permit tcp 204.12.1.0 0.0.0.255 eq ftp 139.1.0.0 0.0.0.255

 permit tcp 204.12.1.0 0.0.0.255 eq ftp-data 139.1.0.0 0.0.0.255

route-map PBR permit 10

 match ip add VL43-367

 match lenght 1251 1500

 set interface Serial1/0.502

!