01-06-2007 01:00 AM - edited 03-03-2019 03:16 PM
hi to all
can any body help me out regarding this problem
i have 1721 router in this router i have two leased line in this.
my requirment
1. some prime users packet should go via Serial0
and rest useres packet should go via serial1
2. if s0 will dwon all prime users all shoul go via s1
can any body tell me configuration for this requirment
01-06-2007 02:39 AM
Hi
You can use route-map to do the same .
1.Create a access-list for listing the prime users source ips
access-list 1 permit x.x.x.x
access-list 1 permit y.y.y.y
2.Create a route-map to set the next-hop for prime users
route-map prime-users permit 10
match ip address 1
set interface s0
3.All others except the prime users would go through the S1
ip route 0.0.0.0 0.0.0.0 s1
In case your S0 goes down , the route-map will have no interface to put the packet as s0 is down , so it sends the traffic default to s1.
In case of s1 failure , have a higher metric route to s0 so that during failure you have a auto fallback
ip route 0.0.0.0 0.0.0.0 s1 200 ---- higher metric.
Hope this helps
regards
vanesh k
01-06-2007 04:36 AM
thanx for reply
tell me wat is the nating confguration for this
01-06-2007 05:13 AM
Hi
I have not tried this , pls configure to check it out
You need to do pat for making ur multiple users to access internet.
1.For specific users to go via S0
a. Access-list for the specific users already created
pat :
ip nat inside source list 1 interface s0 overload
b.Access-list for other users
access-list 2 permit x.x.x.0 0.0.0.255 --- if your internal segment is /24
pat :
ip nat inside source list 2 interface s1 overload
c.During S1 failure for all traffic to go via S0
access-list 3 permit x.x.x.0 0.0.0.255
ip nat inside source list 3 interface s0 overload
int s0
ip nat outside
int s1
ip nat outside
int e0
ip nat inside
ip policy route-map prime-user
Pls try and let us know the results
Hope this helps
regards
vanesh k
01-06-2007 06:11 AM
thanx i ll try this conf
but i already tryied this conf
i tried this confg
it just a example:-
lets prime user ip is 192.168.5.6
so i did configrutatin like that
access-list 1 permit 192.168.5.6 0.0.0.0
rout-map primeusers sequence 100
match ip address 1
set interface s1 s0
rout-map othersusers 2
set interface s0
ip nat inside source route-map primeusers interface s1
ip nat inside source route-map othersusers interface s0
int e0
ip nat inside
ip policy route-map primeuser
but when s1 is getting down packet it not going via s0
my dought is some problem with nating plz find out right configuration
01-06-2007 06:28 AM
Hi
Just add another acl
access-list 2 permit 192.168.5.0 0.0.0.255
and change this
ip nat inside source list 2 interface s0 overlaod .
Just try this config first and then try the config given by me
Hope this helps
regareds
vanesh k
01-06-2007 06:35 AM
thanx
i will go there on monday morning i ll try this u r frm which city?
01-07-2007 10:01 PM
i tried this confg
it just a example:-
lets prime user ip is 192.168.5.6
so i did configuration like this:-
access-list 1 permit 192.168.5.6 0.0.0.0
rout-map primeusers sequence 10
match ip address 1
set interface s1 s0
rout-map othersusers 20
match ip address 1
set interface s1 s0
route-map othersusers 30
set s0
ip nat inside source route-map primeusers interface s1
ip nat inside source route-map othersusers interface s0
int e0
ip nat inside
but when s1 is getting down packet it not going via s0
my dought is some problem with nating plz find out right configuration
01-07-2007 10:12 PM
Did you add the static route & policy-map commands that suggest by network.king ?
ip route 0.0.0.0 0.0.0.0 s0 <-- primary path
ip route 0.0.0.0 0.0.0.0 s1 200 <-- backup if s0 down
int e 0
ip policy-map otherusers
If you have the static route configured in the router, you need to set the normal traffic. You only need to specify the traffic which you want to route to s1 and apply it as policy-based routing.
i.e. if match the access-list, forward the packet to s1, otherwise, follow the routing table to forward the packet to s0.
Can you post the full config. then we can check it ?
Hope this helps.
01-07-2007 10:35 PM
i have 1721 router in this router i have two leased line in this.
my requirment
1. some prime users packet should go via Serial0
and rest useres packet should go via serial1
2. if s0 will dwon all prime users all shoul go via s1
can any body tell me configuration for this requirment
i tried this confg
it just a example:-
lets prime user ip is 192.168.5.6
so i did configuration like this:-
access-list 1 permit 192.168.5.6 0.0.0.0
rout-map primeusers sequence 10
match ip address 1
set interface s1 s0
rout-map othersusers 20
match ip address 1
set interface s1 s0
route-map othersusers 30
set s0
ip route 0.0.0.0 0.0.0.0 s1
ip route 0.0.0.0 0.0.0.0 s0
ip nat inside source route-map primeusers interface s1
ip nat inside source route-map othersusers interface s0
int e0
ip nat inside
but when s1 is getting down packet it not going via s0
my dought is some problem with nating plz find out right configuration
01-07-2007 10:39 PM
Hi Rohit,
Pls let me know wheter you tried the config given by me in the earlier post
regards
vanesh k
01-07-2007 11:15 PM
ya i aleary tryed that one but its not working
01-07-2007 10:54 PM
Thanks for the config. Please check my comments as below :
access-list 1 permit 192.168.5.6 0.0.0.0
access-list 2 permit any <-- add this for NAT
rout-map primeusers sequence 10
match ip address 1
set interface s0 <-- remove s1 and set s0 as next-hop
no rout-map othersusers 20 <-- no need this route-map
match ip address 1 <-- no need this route-map
set interface s1 s0 <-- no need this route-map
route-map othersusers 30 <-- no need this route-map
set s0 <-- no need this route-map
ip route 0.0.0.0 0.0.0.0 s1
ip route 0.0.0.0 0.0.0.0 s0 200 <-- Add flowing static to this route, s0 as backup path
ip nat inside source list 2 overload <-- change to use access-list 2 (all traffic) and add 'overload' for port address translation
ip nat inside source route-map othersusers interface s0 overload <-- remove this nat rule
int e0
ip nat inside
ip policy route-map primeuser <-- add this to enable policy-based routing
int s0
ip nat outside <-- add this for NAT
int s1
ip nat outside <-- add this for NAT
In above suggestion, the primary path is s1 for all user except prime user. Primeuser will use s0 for outgoing. If s0 down, the primeuser will use s1 for outgoing as same as other users. If s1 down, the floating-static will take effect that s0 will be the outgoing path for all users (including primeuser).
Please check below link for more information of different features :
NAT :
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml
PBR :
Floating-static :
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080093d6e.shtml
Please read above links that let you understand the operation and the correct commands format.
Hope this helps.
01-07-2007 11:18 PM
thanx for this but my dought is
plzz can u give me the clear picture of nat cammond
in which interface i have to overload
we have interface so s1 which int i need do ovlerload
01-07-2007 11:23 PM
According to my suggestion. Both s0 & s1 should be enable overload, the reason is both links may be the backup for another, so you have to enable both.
However, the problem of your original config is not only the NAT and also the routing problem. Please try to follow my suggestion or Venash's suggestion to test it again.
Moreover, if you can provide FULL config.(w/o password shown) to us, we can help more.
And, please read the links that I provided, they are useful for you to understand the feature operation.
Hope this helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: