04-27-2009 06:18 PM - edited 03-04-2019 04:32 AM
Hi, I'm trying to set up a policy map to route all traffic out to an ADSL modem on the same subnet (192.168.15.2).
We have a VPN tunnel set to an external company. I need to send traffic for network 203.102.137.156 to the atm 0.1 interface, which is our SHDSL link.
All incoming traffic needs to come in via the atm0.1 interface. We have NAT set up (see below).
Please see the config below. Can anyone please advise whether I have the policy map set up correctly to map all outgoing traffic to 192.168.15.2 and the VPN traffic to 203.102.137.156 via atm0.1? Also, please advise whether this will affect incoming connections.
interface ATM0.1 point-to-point
ip address 125.255.65.226 255.255.255.252
ip nat outside
ip virtual-reassembly
atm route-bridged ip
pvc 1/32
encapsulation aal5snap
interface Vlan1
ip address 192.168.15.254 255.255.255.0
ip nat inside
ip policy route-map Webtraffic
ip route-cache policy
route-map Webtraffic permit 10
match address 111
set default interface atm 0.1
exit
route-map Webtraffic permit 20
match address 40
set ip default next-hop 192.168.15.2
access-list 40 permit any
access-list 111 deny ip 192.168.15.0 0.0.0.255 host 203.102.137.156
access-list 111 permit ip 192.168.15.0 0.0.0.255 any
ip nat inside source list 111 interface ATM0.1 overload
ip nat inside source static tcp 192.168.15.5 25 125.255.65.226 25 extendable
ip nat inside source static tcp 192.168.15.5 80 125.255.65.226 80 extendable
ip nat inside source static tcp 192.168.15.5 110 125.255.65.226 110 extendable
ip nat inside source static tcp 192.168.15.5 443 125.255.65.226 443 extendable
ip nat inside source static tcp 192.168.15.5 1723 125.255.65.226 1723 extendable
05-04-2009 07:03 PM
Hi,
With your configuration, you can expect the following behavior:
- Traffic to 203.102.137.156 whose source is 192.168.15.x will be sent to 192.168.15.2. A deny in an ACL means check the next route-map entry.
- Traffic whose source is 192.168.15.x to everything else will be sent to atm0.1.
- All other traffic will be sent to 192.168.15.2.
The match address 40 is not necessary.
If I understand you correctly, you want to send all the traffic received on Vlan 1 to 192.168.15.2 except the traffic whose destination is 203.102.137.156.
In this case, this route-map should meet your requirement:
access-list 101 permit ip 192.168.15.0 0.0.0.255 host 203.102.137.156
!
route-map Webtraffic permit 10
match address 101
set default interface atm 0.1
!
route-map Webtraffic permit 20
set ip default next-hop 192.168.15.2
!
HTH
Laurent.
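The route-map evaluation described in the reply above, modelled as an added Python example (not part of the original thread and not Cisco code): it runs the original and the proposed configuration over two constructed sample packets and reports which route-map entry each one hits. The function names and the sample destination 198.51.100.10 are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.15.0/24")
ANY = ip_network("0.0.0.0/0")
VPN_PEER = ip_network("203.102.137.156/32")

# ACLs as ordered (action, source, destination) entries; a standard ACL
# such as 40 matches on source only, so its destination is ANY.
ACLS = {
    40:  [("permit", ANY, ANY)],
    111: [("deny", LAN, VPN_PEER), ("permit", LAN, ANY)],
    101: [("permit", LAN, VPN_PEER)],
}

# Route-maps as ordered (sequence, ACL number or None, set action) entries.
ORIGINAL = [(10, 111, "set default interface atm 0.1"),
            (20, 40, "set ip default next-hop 192.168.15.2")]
PROPOSED = [(10, 101, "set default interface atm 0.1"),
            (20, None, "set ip default next-hop 192.168.15.2")]

def acl_result(acl, src, dst):
    """First matching ACL entry wins; no match is the implicit deny."""
    for action, src_net, dst_net in ACLS[acl]:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "deny"

def policy_route(route_map, src, dst):
    """Return (sequence, set action) of the first permit entry that matches.

    An ACL deny does not drop the packet; it only means this entry does not
    match, so evaluation moves on to the next entry. An entry without a match
    clause matches every packet. The "default" set actions chosen here take
    effect only when the routing table has no explicit route for dst.
    """
    for seq, acl, action in route_map:
        if acl is None or acl_result(acl, src, dst) == "permit":
            return seq, action
    return None, "normal routing"

# Constructed sample packets arriving on Vlan1: (source, destination).
SAMPLES = [("192.168.15.5", "203.102.137.156"),   # LAN host to the VPN peer
           ("192.168.15.5", "198.51.100.10")]     # LAN host to anything else

if __name__ == "__main__":
    for name, rmap in (("original", ORIGINAL), ("proposed", PROPOSED)):
        for src, dst in SAMPLES:
            print(name, src, "->", dst, policy_route(rmap, src, dst))
```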
05-04-2009 03:02 PM
Verifying the Configuration of Policy Maps and Their Classes
To display the contents of a specific policy map, a specific class from a specific policy map, or all policy maps configured on an interface, use the following commands in EXEC mode:
Router# show policy policy-map
Router# show policy policy-map class class-name
Router# show policy interface interface-name