Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

policy based routing with IP NAT

Hi! I have dual ISP links. 201.187.51.10 and 201.187.67.114

201.187.33.2 is recognized by 201.187.51.10 link.

201.187.67.114 is a new link.

I want all my 201.187.33.4 outbound traffic to go to 201.187.67.114 link.

Here is my configuration, unfortunately It does not work.

Can you help me.

Thanks

----

!

ip nat outside source static 201.187.67.115 20.187.33.4

!

interface FastEthernet0/0

description Connection to Firewall

ip address 201.187.33.2 255.255.255.192

ip access-group 101 in

ip route-cache policy

ip route-map testpbr

ip nat inside

!

interface FastEthernet2/0

description ISP one

ip address 201.187.51.10 255.255.255.248

!

interface FastEthernet3/0

description ISP two

ip address 201.187.67.114 255.255.255.248

ip nat outside

!

ip route 0.0.0.0 0.0.0.0 201.187.51.9 10

ip route 0.0.0.0 0.0.0.0 201.187.67.113 20

!

access-list 111 permit ip host 201.187.33.4 any

!

route-map testpbr permit 10

match ip address 111

set ip next-hop 201.187.67.113

!

!

end

5 REPLIES
Bronze

Re: policy based routing with IP NAT

Isn't it "ip policy route-map xxx" as opposed to "ip route-map xxx"?

New Member

Re: policy based routing with IP NAT

sorry for the typo error.

youre correct its ip policy route-map

what seems to be the problem?

Bronze

Re: policy based routing with IP NAT

"ip nat outside source static 201.187.67.115 20.187.33.4 "

Is this a typo too or is that how it is in the config? I ask because I don't see anything that's obviously wrong to me.

Perhaps you can run some 'debug ip nat' commands while sending traffic from this host and see if they provide any hints. Inside -> Outside NAT takes place after policy routing, so you shouldn't be having problems there.

New Member

Re: policy based routing with IP NAT

Hi marlon,

The fail reason is that the policy routing perform before NAT when the packet is out from a "ip nat inside" interface. So the policy routing performs, but skip th NAT, so without NAT, the traffic might not return back, so it fail. You should seperate NAT and policy routing in different device.

Hope this help.

Best Regards

Teru Lei

New Member

Re: policy based routing with IP NAT

Hi Teru Lei,

I think so, based on my "show route-map" commands, policy routing is working, but it is skipping IP NAT translation.

My 201.187.33.60 IP Address is NOT translated into 201.187.67.115 IP Address when going to the 201.67.114 ISP link

Any workaround without using another device?

124
Views
0
Helpful
5
Replies
CreatePlease login to create content