Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
2
Replies

Policy Based Routing on 2620

justin.gerharter
Level 1
Level 1

‎04-18-2008 06:49 PM - edited ‎03-03-2019 09:37 PM

We have two routers: a Cisco 1721 and a Cisco 2620. Right now the 1721 is doing policy based routing to route traffic from a certain IP address (1.1.1.2) out a different internet link. If I put the exact same config on the 2620 router, traffic to the second link does not flow. Network traces show the routing and NAT working but the next hop (2.2.2.1) does not return the traffic. I can see the ARP request from 2.2.2.1 but the 2620 does not answer. Below is the relevant config of the 2620.

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.240

ip nat inside

ip policy route-map Policy1

interface FastEthernet0/1

ip address 2.2.2.2 255.255.255.248

ip nat outside

ip nat inside source static 1.1.1.2 2.2.2.3

ip route 2.2.2.0 255.255.255.248 2.2.2.1

access-list 2 permit 1.1.1.2

route-map Policy1 permit 10

match ip address 2

set ip next-hop 2.2.2.1

About the only thing different other than the router model is that the 1721 only has one Fast Ethernet interface on it so it has a 4-port Fast Ethernet Switch WAN Interface Card installed in it.

Any ideas on why this isn't working would be greatly appreciated!

Labels:
0 Helpful
2 Replies 2

lamav
Level 8
Level 8

‎04-18-2008 07:47 PM

Justin:

What's with the static route to 2.2.2.0/29? Thats a directly connected network of interface fa0/1, so you dont need a static route.

If you do a sh ip ro 2.2.2.0, Im sure the route will show as "directly connected" and your static route, with the higher AD of 1, wont be in the routing table anyway.

Also, 2.2.2.1 is ARPing for the 2.2.2.3 address (this is the new source address after the 1.1.1.2 address is NAT'ed) because it thinks the host is directly connected to its interface (same subnet), but it's not. This is why I believe the router is not replying to the ARP request for 2.2.2.3. It doesnt own the address, and doesnt have it in its ARP table.

Can you NAT to a different host address -- other than 2.2.2.3, perhaps even the 2.2.2.2 address?

Victor

0 Helpful

justin.gerharter
Level 1
Level 1
In response to lamav

‎04-20-2008 05:35 PM

That static route is not needed and no longer present. A case of not thinking clearly when I set this up 18 months ago.

The change of the static NAT to the IP address on Fa 0/1 worked.

Million dollar question...why would have the VLAN interface on the 1721 have responded to the ARP request for the 2.2.2.3?

Thanks for the suggestion and speedy reply. It is greatly appreciated!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card