Route maps problem

Unanswered Question
Oct 4th, 2009

I am trying to configure route maps on a Cisco 1811 router, with one WAN port connected to the internet and the second one to the company network.

The VLAN 1 interface is used to connect the inside network.

Sometimes I get replies from both links, but sometimes the response stops from the company network link or the internet.

Is a Cisco 1811 router sufficient for Policy Based Routing?

Please look into my config and advise.


version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTL-1811
!
boot-start-marker
boot-end-marker
!
enable secret 5 $xxxxxxxxxxxxxxxxxI/
!
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
ip cef
!
ip domain name millat.com.pk
ip name-server 10.16.6.11
!
username Junaid privilege 15 secret 5 $xxxxxxxxxxxxxxxxxxxxxx0
!
interface FastEthernet0
 ip address 192.168.95.65 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 192.168.218.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface Vlan1
 ip address 192.168.74.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map company_network
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 192.168.95.1
!
no ip http server
no ip http secure-server

ip nat inside source list internet interface FastEthernet0 overload
ip nat inside source route-map company_network interface FastEthernet1 overload

ip access-list extended go_vpn
 permit ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
 permit ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
 permit ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255

ip access-list extended internet
 deny ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
 deny ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
 permit ip any any
!
!
route-map company_network permit 10
 match ip address go_vpn
 set ip next-hop 192.168.218.254
!
control-plane
!
line vty 0 4
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

MTL-1811#

Giuseppe Larosa Mon, 10/05/2009 - 00:05

Hello Junaid,

I don't understand why you are NATting towards your company; it should be enough to route towards it.

I would remove the following line:

ip nat inside source route-map company_network interface FastEthernet1 overload

Also, just a few static routes should be enough to reach the company network IP subnets.



192.168.217.0/24

192.168.1.0/24


Hope to help

Giuseppe


junshah22 Mon, 10/05/2009 - 01:17

The company network is connected with a carrier VPN service; they are using BGP with MPLS. That's why I used this command.

Giuseppe Larosa Mon, 10/05/2009 - 02:27

Hello Junaid,


Again, an MPLS L3 VPN service usually can support your private address plan.

Check with your service provider.


Hope to help

Giuseppe


junshah22 Mon, 10/05/2009 - 02:30

OK, I will talk to the service provider and will let you know very soon.

Thanks