I thought I knew how to do Policy Routing and now I think I don't....
This is the situation....
I have a 2821 running c2800nm-advsecurityk9-mz.124-24.T.bin acting as the Internet router.
I have two ISPs directly connected.
I have two default gateways (one principal and the other backup):
ip route 0.0.0.0 0.0.0.0 FIRST_ISP 10
ip route 0.0.0.0 0.0.0.0 SECOND_ISP 20
I am doing NAT for both connections:
ip nat inside source route-map METRO interface GigabitEthernet 0/1 overload
ip nat inside source route-map SHDSL interface GigabitEthernet0/0.11 overload
route-map METRO permit 10
 match ip address ACL_METRO
 set interface GigabitEthernet 0/1
route-map SHDSL permit 10
 match ip address ACL_SHDSL
 set interface GigabitEthernet 0/0.11
ip access-list extended ACL_METRO
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended ACL_SHDSL
 permit ip 192.168.1.0 0.0.0.255 any
So, everybody goes out to the Internet via the SHDSL (which is the FIRST_ISP), and if it fails, they get out via the METRO ISP.
The problem is with the servers. I have these NAT rules:
ip nat inside source static 192.168.2.78 22.214.171.124 route-map METRO_78
route-map METRO_78 permit 10
 match ip address ACL_METRO_78
 match interface GigabitEthernet0/1
Extended IP access list ACL_METRO_78
10 deny ip host 192.168.2.78 192.168.32.0 0.0.0.255
20 permit ip host 192.168.2.78 any (888630 matches)
I want traffic from server 192.168.2.78 that reaches the router to be translated to 126.96.36.199 and routed via the Metro ISP (this is not happening). It always prefers the SHDSL ISP.
What do I need to change in the route-maps to make them work?