Cisco Support Community
New Member

Nasty Route Map

Folks,

I have a nasty little routing problem. I'm attempting to combine two WANs. Unfortunately, they were both built with some of the same subnets and I would really like to avoid readdressing all the clients. In my favor is that my WAN does not use the same subnets as the ones we need to access from the other WAN (10.249.0.0 and 10.51.0.0).

I attempted the access list approach and was summarily defeated. I have been working on the route map approach but am still being skunked. The configuration is below. 192.x.x.x addresses are the Internet. 10.249.0.1 is the address of the DSL line connecting us to the new WAN. 10.51.x.x is the subnet at the other WAN I am attempting to access.

In the current config a ping from a desktop (10.1.0.56) on interface FastEthernet0/0 to 10.249.0.1 (on interface Ethernet0/1) results in the packet being readdressed to the news pool and not to the secondWAN pool. Switching over to my route-map for "news" gives similar results. The BRI and Serial are for a frame relay with fail over ISDN dial-up and are irrelevant at this point.

Could someone please show me the appropriate way to make a map that will send 10.249.x.x and 10.51.x.x traffic from FastEthernet0/0 to Ethernet0/1 and Internet traffic to FastEthernet0/1?

Using 4403 out of 29688 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname pocnews
!
enable secret xxxxx
enable password xxxx
!
username xxxx password xxxx
username xxx password xxxx
!
ip subnet-zero
no ip domain-lookup
ip name-server 207.108.224.1
ip name-server 204.147.80.5
!
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall ftp
ip inspect name Firewall http
ip audit notify log
ip audit po max-events 100
isdn switch-type basic-ni
isdn voice-call-failure 0
!
!
!
interface FastEthernet0/0
 description INTERNAL LAN
 ip address xx.xxx.0.1 255.255.0.0
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
interface BRI0/0
 ip address xxx.xxx.0.1 255.255.255.248
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 xxxxxxxxxxxxxx
 isdn spid2 xxxxxxxxxxxxxx
 isdn incoming-voice data
 ppp authentication chap callin
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
!
interface Serial0/0.16 multipoint
 description Preston cir
 ip address xxx.xxx.0.1 255.255.255.252
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci 16
!
interface Serial0/0.17 multipoint
 description Rex cir
 ip address xxx.xxx.0.2 255.255.255.252
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci 17
!
interface FastEthernet0/1
 description 675 OUT to INTERNET
 ip address 192.0.1.1 255.255.255.248
 ip access-group 101 in
 ip access-group 102 out
 no ip directed-broadcast
 ip nat outside
 ip inspect Firewall in
 ip inspect Firewall out
 duplex auto
 speed auto
 no cdp enable
!
interface Ethernet1/0
 description Second WAN
 ip address 10.249.0.2 255.255.0.0
 no ip directed-broadcast
 ip nat outside
!
router eigrp 2
 redistribute static
 network 10.0.0.0
 network 192.0.0.0
 no auto-summary
!
ip nat pool news 192.0.1.2 192.0.1.2 netmask 255.255.255.248
ip nat pool secondWAN 10.249.0.3 10.249.0.3 netmask 255.255.255.248
ip nat inside source list 1 pool news overload
ip nat inside source route-map wan2 pool secondWAN overload
ip nat inside source static 10.2.2.100 192.0.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.1.6
ip route 10.1.0.0 255.255.0.0 FastEthernet0/0
ip route 10.2.0.0 255.255.0.0 10.250.0.2 200
ip route 10.3.0.0 255.255.0.0 BRI0/0 200
no ip http server
!
!
map-class dialer DOV
access-list 1 permit 192.0.1.5
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 1 permit 10.2.0.0 0.0.255.255
access-list 1 permit 10.6.0.0 0.0.255.255
access-list 101 permit tcp any host 192.0.1.1 established
access-list 101 permit tcp any host 192.0.1.1 eq telnet
access-list 101 permit ip host 192.110.141.100 host 192.0.1.5
access-list 101 permit icmp any any
access-list 101 deny ip any any
access-list 102 permit icmp any any
access-list 102 permit tcp any any
access-list 102 permit udp any any
access-list 102 deny ip any any
access-list 103 permit ip 10.1.0.0 0.0.255.255 10.249.0.0 0.0.255.255
dialer-list 1 protocol ip permit
!
route-map wan2 permit 10
 match ip address 103
 match interface Ethernet1/0
!
route-map Qwest1 permit 10
 match ip address 102
 match interface FastEthernet0/1
!
!
xxxxx
 password xxxx
 login
 transport input none
line xxx
line xx
 password xxx
 login
!
no scheduler allocate
end

2 REPLIES
Bronze

Re: Nasty Route Map

There are various solutions; one is to exclude the traffic destined for wan2 from the news NAT, e.g. like this:

no ip nat inside source list 1 pool news overload
no access-list 1
access-list 100 deny ip any 10.51.0.0 0.0.255.255
access-list 100 deny ip any 10.249.0.0 0.0.255.255
access-list 100 permit ip host 192.0.1.5 any
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
access-list 100 permit ip 10.2.0.0 0.0.255.255 any
access-list 100 permit ip 10.6.0.0 0.0.255.255 any
ip nat inside source list 100 pool news overload

Then your ping to 10.249.0.1 should work.

For traffic to 10.51.0.0 to work you should also add:

access-list 103 permit ip 10.1.0.0 0.0.255.255 10.51.0.0 0.0.255.255
ip route 10.51.0.0 255.255.0.0 10.249.0.1 (unless you receive this route in eigrp from the other wan)

Let us know if this works?

hth

Herbert
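An added example, not part of the reply above or of any Cisco code: a small Python model of first-match ACL evaluation that shows why the source-only list 1 sends traffic for 10.249.0.1 to the news pool while list 100 lets it fall through to list 103. It assumes NAT rules are tried in the order listed, ignores the route-map's match interface clause, and uses list 103 with the 10.51.0.0 entry already added; the names nat_pool, verdict, ORIGINAL and FIXED are made up for the example.

```python
import ipaddress

ACLS = """
access-list 1 permit 192.0.1.5
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 1 permit 10.2.0.0 0.0.255.255
access-list 1 permit 10.6.0.0 0.0.255.255
access-list 100 deny ip any 10.51.0.0 0.0.255.255
access-list 100 deny ip any 10.249.0.0 0.0.255.255
access-list 100 permit ip host 192.0.1.5 any
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
access-list 100 permit ip 10.2.0.0 0.0.255.255 any
access-list 100 permit ip 10.6.0.0 0.0.255.255 any
access-list 103 permit ip 10.1.0.0 0.0.255.255 10.249.0.0 0.0.255.255
access-list 103 permit ip 10.1.0.0 0.0.255.255 10.51.0.0 0.0.255.255
"""
ANY = (0, 0xFFFFFFFF)  # (address, wildcard); wildcard bits set to 1 are ignored

def ip(text):
    return int(ipaddress.IPv4Address(text))

def take(tokens):  # consume 'any', 'host A', 'A WILDCARD' or a bare 'A'
    first = tokens.pop(0)
    if first in ("any", "host"):
        return ANY if first == "any" else (ip(tokens.pop(0)), 0)
    return (ip(first), ip(tokens.pop(0)) if tokens else 0)

def parse(text):
    acls = {}
    for line in text.strip().splitlines():
        _, num, action, *rest = line.split()
        ext = rest[0] == "ip"  # extended entry: protocol, source, destination
        spec = rest[1:] if ext else rest
        entry = (action, take(spec), take(spec) if ext else ANY)
        acls.setdefault(num, []).append(entry)
    return acls

def verdict(acl, src, dst):
    # The first matching entry decides; no match at all is the implicit deny.
    def hit(addr, spec):
        return (ip(addr) | spec[1]) == (spec[0] | spec[1])
    return next((a for a, s, d in acl if hit(src, s) and hit(dst, d)), "deny")

def nat_pool(rules, src, dst):
    acls = parse(ACLS)  # assumption: NAT rules are tried in the order listed
    return next((pool for num, pool in rules
                 if verdict(acls[num], src, dst) == "permit"), None)

ORIGINAL = [("1", "news"), ("103", "secondWAN")]   # NAT rules as first posted
FIXED = [("100", "news"), ("103", "secondWAN")]    # after the reply's change
```

`nat_pool(ORIGINAL, "10.1.0.56", "10.249.0.1")` returns `"news"`, the behaviour described in the question, and the same call with `FIXED` returns `"secondWAN"`. A source outside 10.1.0.0/16, such as a 10.2.x.x host, gets `None` for second-WAN destinations because list 103 only permits 10.1.0.0/16 sources.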

New Member

Re: Nasty Route Map

I bow to your greatness! Thank you so much. I've battled with this for four days and was so close so many times it's not even funny.

-Justin
