
Route maps problem

junshah22
Level 1

I am trying to configure route maps on a Cisco 1811 router. One WAN port is connected to the internet and the second one to the company network.

The VLAN 1 interface is used to connect the inside network.

Sometimes I get replies from both links, but sometimes the response stops from the company network link or the internet.

Is the Cisco 1811 router sufficient for Policy Based Routing?

Please look into my config and advise.

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname MTL-1811

!

boot-start-marker

boot-end-marker

!

enable secret 5 $xxxxxxxxxxxxxxxxxI/

!

aaa new-model

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

!

aaa session-id common

!

resource policy

!

ip cef

!

ip domain name millat.com.pk

ip name-server 10.16.6.11

!

username Junaid privilege 15 secret 5 $xxxxxxxxxxxxxxxxxxxxxx0

!

interface FastEthernet0

ip address 192.168.95.65 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet1

ip address 192.168.218.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet2

!

interface Vlan1

ip address 192.168.74.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip policy route-map company_network

!

interface Async1

no ip address

encapsulation slip

!

ip route 0.0.0.0 0.0.0.0 192.168.95.1

!

no ip http server

no ip http secure-server

ip nat inside source list internet interface FastEthernet0 overload

ip nat inside source route-map company_network interface FastEthernet1 overload

ip access-list extended go_vpn

permit ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255

permit ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255

permit ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255

ip access-list extended internet

deny ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255

deny ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255

deny ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255

permit ip any any

!

!

route-map company_network permit 10

match ip address go_vpn

set ip next-hop 192.168.218.254

!

control-plane

!

line vty 0 4

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

MTL-1811#

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Junaid,

I don't understand why you are natting towards your company; it should be enough to route towards it.

I would remove the following line:

ip nat inside source route-map company_network interface FastEthernet1 overload

Also, just a few static routes should be enough to reach the company network IP subnets:

192.168.217.0/24

192.168.1.0/24

Hope to help

Giuseppe

The company network is connected with a carrier VPN service; they are using BGP with MPLS. That's why I used this command.

Hello Junaid,

Again, an MPLS L3 VPN service can usually support your private address plan.

Check with your service provider.

Hope to help

Giuseppe

OK, I will talk to the service provider and will let you know very soon.

Thanks
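To see which path a given flow takes under the configuration posted in this thread, the two extended ACLs and the route-map can be evaluated offline. This is an added example, not part of the original thread: it models only first-match ACL evaluation with wildcard masks, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the posted config (the protocol is "ip" in every entry).
ACLS = {
    "go_vpn": """permit ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
permit ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
permit ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255""",
    "internet": """deny ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
deny ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
permit ip any any""",
}
PBR_NEXT_HOP = "192.168.218.254"  # "set ip next-hop" in route-map company_network

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Turn extended-ACL lines into (permit, src, src_wild, dst, dst_wild) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        permit, fields, i = tok[0] == "permit", [], 2  # tok[1] is the protocol
        while i < len(tok):
            if tok[i] == "any":  # "any" is address 0.0.0.0 with wildcard 255.255.255.255
                fields += [0, 0xFFFFFFFF]
                i += 1
            else:
                fields += [_to_int(tok[i]), _to_int(tok[i + 1])]
                i += 2
        entries.append((permit, *fields))
    return entries

def acl_permits(name, src, dst):
    """First matching entry wins; no match at all means the implicit deny."""
    s, d = _to_int(src), _to_int(dst)
    for permit, sn, sw, dn, dw in parse_acl(ACLS[name]):
        if ((s ^ sn) & ~sw & 0xFFFFFFFF) == 0 and ((d ^ dn) & ~dw & 0xFFFFFFFF) == 0:
            return permit
    return False

def classify(src, dst):
    """Describe how a packet arriving on Vlan1 is matched by the posted policy."""
    return {
        # None means the route-map did not match and the routing table decides.
        "pbr_next_hop": PBR_NEXT_HOP if acl_permits("go_vpn", src, dst) else None,
        # True means "ip nat inside source list internet" selects the flow.
        "nat_list_internet": acl_permits("internet", src, dst),
    }
```

Calling `classify("192.168.74.10", "192.168.217.5")` shows a flow that is policy-routed and excluded from the `internet` NAT list, while any destination outside the three company subnets falls through to the routing table and the `internet` list.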
