Policy Based Routing on 2620

Unanswered Question
Apr 18th, 2008
We have two routers: a Cisco 1721 and a Cisco 2620. Right now the 1721 is doing policy based routing to route traffic from a certain IP address (1.1.1.2) out a different internet link. If I put the exact same config on the 2620 router, traffic to the second link does not flow. Network traces show the routing and NAT working but the next hop (2.2.2.1) does not return the traffic. I can see the ARP request from 2.2.2.1 but the 2620 does not answer. Below is the relevant config of the 2620.


interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.240
 ip nat inside
 ip policy route-map Policy1
!
interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.248
 ip nat outside
!
ip nat inside source static 1.1.1.2 2.2.2.3
ip route 2.2.2.0 255.255.255.248 2.2.2.1
!
access-list 2 permit 1.1.1.2
!
route-map Policy1 permit 10
 match ip address 2
 set ip next-hop 2.2.2.1


About the only thing different other than the router model is that the 1721 only has one Fast Ethernet interface on it so it has a 4-port Fast Ethernet Switch WAN Interface Card installed in it.


Any ideas on why this isn't working would be greatly appreciated!

lamav Fri, 04/18/2008 - 19:47

Justin:


What's with the static route to 2.2.2.0/29? That's a directly connected network of interface fa0/1, so you don't need a static route.


If you do a sh ip ro 2.2.2.0, I'm sure the route will show as "directly connected" and your static route, with the higher AD of 1, won't be in the routing table anyway.


Also, 2.2.2.1 is ARPing for the 2.2.2.3 address (this is the new source address after the 1.1.1.2 address is NAT'ed) because it thinks the host is directly connected to its interface (same subnet), but it's not. This is why I believe the router is not replying to the ARP request for 2.2.2.3. It doesn't own the address, and doesn't have it in its ARP table.


Can you NAT to a different host address -- other than 2.2.2.3, perhaps even the 2.2.2.2 address?


Victor
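The two points raised above can be checked mechanically before a config is pushed. The following is an added example, not code from the thread or from Cisco: a small Python lint that parses the 2620 configuration exactly as posted in the question (embedded below as constructed sample input) and flags a static route to a directly connected subnet, and a static NAT whose inside-global address falls inside a connected subnet without being the interface's own address. It does not model what IOS itself does with ARP for NAT addresses.

```python
import ipaddress
import re

# Constructed sample: the 2620 configuration as posted in the question.
CONFIG = """
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.240
 ip nat inside
 ip policy route-map Policy1
interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.248
 ip nat outside
ip nat inside source static 1.1.1.2 2.2.2.3
ip route 2.2.2.0 255.255.255.248 2.2.2.1
"""

def parse(config):
    """Return (connected interfaces, static routes, static NATs) from IOS-style text."""
    ifaces, routes, nats = [], [], []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:  # interface address + mask -> connected subnet
            ifaces.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
            continue
        m = re.match(r"ip route (\S+) (\S+) (\S+)$", line)
        if m:  # destination, mask, next hop
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"),
                           ipaddress.ip_address(m[3])))
            continue
        m = re.match(r"ip nat inside source static (\S+) (\S+)$", line)
        if m:  # inside local -> inside global
            nats.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
    return ifaces, routes, nats

def lint(config):
    """Return findings for the two issues discussed in the reply."""
    ifaces, routes, nats = parse(config)
    findings = []
    for net, nh in routes:  # static route duplicating a connected network
        for i in ifaces:
            if net == i.network:
                findings.append(f"redundant static route {net} via {nh}: connected on {i.ip}")
    for local, glob in nats:  # inside-global address in a connected subnet but not owned
        for i in ifaces:
            if glob in i.network and glob != i.ip:
                findings.append(f"static NAT {local}->{glob}: {glob} lies in connected "
                                f"{i.network} but is not interface address {i.ip}")
    return findings
```

Running lint(CONFIG) on the posted config yields both findings; changing the NAT line to use 2.2.2.2, as the reply suggests, clears the second one.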

justin.gerharte... Sun, 04/20/2008 - 17:35

That static route is not needed and no longer present. A case of not thinking clearly when I set this up 18 months ago.


The change of the static NAT to the IP address on Fa 0/1 worked.


Million dollar question...why would the VLAN interface on the 1721 have responded to the ARP request for the 2.2.2.3?


Thanks for the suggestion and speedy reply. It is greatly appreciated!
