07-13-2002 12:39 PM - edited 03-01-2019 11:52 PM
I am looking for a suggestion for the best way to solve this scenario.
I have a 2611 router with 2 ethernet interfaces and a T1 WIC w/ CSU/DSU. Here is my setup.
e0/0 - 192.168.1.1 - LAN 192.168.0.0/24
e0/1 - 10.1.1.1 - LAN 10.1.1.0/24
s0/0 - 172.16.1.1 - Wan subnet 172.16.1.0/30
ip route 0.0.0.0 0.0.0.0 172.16.1.2
Currently all e0/0 LAN traffic is sent out s0/0 via default route and into the Frame Cloud which is fine. I have a new DSL setup that has the following addresses for the DSL router:
LAN IP - 10.1.1.2 (on the same VLAN as e0/1)
WAN IP - 192.168.1.1
I want the default gateway for e0/1 (10.1.1.1) to be 10.1.1.2 and the default gateway for e0/0 (192.168.1.1) to remain as 172.16.1.2 (the other end of the frame on the s0/0 subnet). How can I do this? Should I use route-maps and/or access-lists? Also, can I NAT the 10.1.1.0/24 network on the router? The e0/1 would have ip nat inside, but I do not have another interface on the router to put ip nat outside.
Thanks for any help,
RJ
07-14-2002 03:25 AM
You can do policy routing such that any packets arriving from source 192.168.1.0/24 have their next-hop set to 172.16.1.2 or s0/0, and any packets arriving from source 10.1.1.0/24 have their next-hop set to 10.1.1.2 or e0/1.
e.g.:
route-map test permit 10
 match ip address 1
 set ip next-hop 172.16.1.2
 ! or: set interface serial 0/0
route-map test permit 20
 match ip address 2
 set ip next-hop 10.1.1.2
 ! or: set interface ethernet 0/1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
HTH
R/Yusuf
07-14-2002 03:28 AM
Then apply this route-map 'test' to the ethernet0/0 and ethernet0/1 interfaces.
e.g.:
interface ethernet 0/0
 ip policy route-map test
interface ethernet 0/1
 ip policy route-map test
R/Yusuf
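How the route-map in the two replies above selects a next hop, as an added Python example that is not part of the original posts: it applies IOS wildcard-mask matching and first-match sequence order, and returns None when no clause matches and the packet falls back to the ordinary routing table. The function names and the dictionary layout are assumptions made for this sketch.

```python
import ipaddress

# Standard ACLs and route-map entries copied from the reply above.
ACLS = {
    "1": [("permit", "192.168.1.0", "0.0.0.255")],
    "2": [("permit", "10.1.1.0", "0.0.0.255")],
}
ROUTE_MAP_TEST = [  # (sequence, action, ACL number, next hop)
    (10, "permit", "1", "172.16.1.2"),
    (20, "permit", "2", "10.1.1.2"),
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(acl, source):
    """First matching entry decides; every ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
        if (to_int(source) ^ to_int(base)) & care == 0:
            return action == "permit"
    return False

def policy_next_hop(source):
    """Next hop set by the route-map, or None when the packet is routed normally."""
    for _seq, action, acl, next_hop in sorted(ROUTE_MAP_TEST):
        if acl_permits(ACLS[acl], source):
            # A matching deny clause also means "route normally".
            return next_hop if action == "permit" else None
    return None

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("192.168.1.50", "10.1.1.77", "10.1.2.5"):
        print(src, "->", policy_next_hop(src) or "routing table")
```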
07-14-2002 05:26 PM
Thanks for your help. The examples helped clarify the concept. What about using NAT on the router? I would like to NAT the 10.1.1.0/24 to another public subnet that will route out the DSL WAN interface. So, e0/1 would have ip nat inside. Since I do not have another ethernet interface to place ip nat outside on, could I create a Loopback interface using the WAN subnet I need and apply the ip nat outside command on this interface? Will I have any routing issues with this setup?
Thanks,
RJ
08-19-2002 11:25 PM
I have a similar but slightly varied situation; help from either one of you, or anyone else, would be greatly appreciated. I have 2 Cisco 2600s, each with an s0, s1, eth0, and FastEth1. The two routers are connected on their s0 and s01 by TWO T1s, bundled over MLPPP. Router A points directly to a gateway to the Internet. Behind Router B is a LAN that has public AND private addressing.
I am using Router B to do DHCP and NAT. The public IPs are passing through just fine; all traffic is OK. But my NAT'ed private IPs seem to have problems with certain types of traffic like mail and VPN. Can you take a look at my Router B config and find any problems with the NATing or the access-lists? I know that some of the access-lists are not being applied. I was not clear whether an access-group in or access-group out is necessary. The key here is to resolve the blocking of certain types of packets.
Thanks very much!
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Rhapsody
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxx
!
!
!
!
!
ip subnet-zero
ip dhcp excluded-address 192.168.4.1 192.168.4.20
!
ip dhcp pool wc
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 206.13.28.12 206.13.31.12
domain-name rhapsody
lease 14
!
!
!
!
process-max-time 200
!
interface Multilink1
ip address 192.168.5.2 255.255.255.248 secondary
ip address 192.168.1.2 255.255.255.0
ip directed-broadcast
ip nat outside
no cdp enable
ppp multilink
multilink load-threshold 2 either
multilink-group 1
!
interface Ethernet0/0
ip address a.b.c.145 255.255.255.240
ip directed-broadcast
full-duplex
!
interface Serial0/0
ip unnumbered Multilink1
ip directed-broadcast
encapsulation ppp
no ip mroute-cache
no fair-queue
ppp multilink
multilink-group 1
!
interface Serial0/1
ip unnumbered Multilink1
ip directed-broadcast
encapsulation ppp
no ip mroute-cache
no fair-queue
ppp multilink
multilink-group 1
!
interface FastEthernet1/0
ip address 192.168.4.1 255.255.255.0
ip directed-broadcast
ip nat inside
!
ip nat translation timeout 43200
ip nat inside source list 101 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route a.b.c.144 255.255.255.240 FastEthernet1/0
no ip http server
!
access-list 7 permit any
access-list 20 permit any
access-list 21 permit any
access-list 22 permit any
access-list 23 permit any
access-list 25 permit any
access-list 101 permit tcp any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit tcp any any established
access-list 101 permit 110 any any
access-list 101 permit icmp any any
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 113 permit tcp any any
access-list 113 permit udp any any
access-list 113 permit tcp any any eq smtp
access-list 113 permit tcp any any eq ftp
access-list 113 permit tcp any any eq pop3
access-list 113 permit tcp any any eq telnet
access-list 113 permit tcp any any eq www
access-list 113 permit udp any any eq domain
access-list 113 permit tcp any any eq echo
snmp-server engineID local 0000000902000030805C6040
snmp-server community public RO
!
line con 0
transport input none
line aux 0
line vty 0 4
password xxxxxxxxxxx
login
!
!
no scheduler allocate
end
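An added example, not part of the post above: a small Python audit that reads an IOS configuration and reports numbered access-lists that nothing references, plus entries that can never be hit because an earlier "any any" entry in the same list already matches (IOS stops at the first match). The sample input is a constructed excerpt of lines taken from the configuration above, and the function names are assumptions of this sketch.

```python
import re

# Constructed excerpt: lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
ip nat inside source list 101 interface Ethernet0/0 overload
access-list 7 permit any
access-list 101 permit tcp any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit esp any any
access-list 113 permit tcp any any
access-list 113 permit tcp any any eq smtp
"""

ACL_LINE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
# Common places a numbered ACL is put to use: NAT, interface filter, route-map, vty.
REFERENCE = re.compile(
    r"(?:ip nat \S+ source list|ip access-group|match ip address|access-class) (\d+)")

def parse_acls(config):
    acls = {}
    for line in config.splitlines():
        m = ACL_LINE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
    return acls

def unreferenced(config):
    used = set(REFERENCE.findall(config))
    return sorted((n for n in parse_acls(config) if n not in used), key=int)

def covers(earlier, later):
    """True when an 'any' / '<proto> any any' entry matches all that `later` can."""
    if earlier == ["any"]:
        return True
    if len(earlier) == 3 and earlier[1:] == ["any", "any"]:
        return earlier[0] == "ip" or earlier[0] == later[0]
    return False

def shadowed(config):
    """Entries an earlier entry in the same list always matches first."""
    findings = []
    for number, entries in parse_acls(config).items():
        for i, (_, spec) in enumerate(entries):
            if any(covers(prev, spec) for _, prev in entries[:i]):
                findings.append((number, " ".join(spec)))
    return findings
```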