10-04-2009 11:28 PM - edited 03-04-2019 06:15 AM
I am trying to configure route maps on a Cisco 1811 router, with one WAN port connected to the internet and the second one to the company network.
The Vlan 1 interface is used to connect the inside network.
Sometimes I get replies from both links, but sometimes responses stop from the company network link or the internet.
Is a Cisco 1811 router sufficient for Policy Based Routing?
Please look into my config and advise.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTL-1811
!
boot-start-marker
boot-end-marker
!
enable secret 5 $xxxxxxxxxxxxxxxxxI/
!
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
ip cef
!
ip domain name millat.com.pk
ip name-server 10.16.6.11
!
username Junaid privilege 15 secret 5 $xxxxxxxxxxxxxxxxxxxxxx0
!
interface FastEthernet0
 ip address 192.168.95.65 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 192.168.218.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface Vlan1
 ip address 192.168.74.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map company_network
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 192.168.95.1
!
no ip http server
no ip http secure-server
ip nat inside source list internet interface FastEthernet0 overload
ip nat inside source route-map company_network interface FastEthernet1 overload
ip access-list extended go_vpn
 permit ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
 permit ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
 permit ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended internet
 deny ip 192.168.74.0 0.0.0.255 192.168.218.0 0.0.0.255
 deny ip 192.168.74.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 192.168.74.0 0.0.0.255 192.168.217.0 0.0.0.255
 permit ip any any
!
!
route-map company_network permit 10
 match ip address go_vpn
 set ip next-hop 192.168.218.254
!
control-plane
!
line vty 0 4
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
MTL-1811#
10-05-2009 12:05 AM
Hello Junaid,
I don't understand why you are NATting towards your company; it should be enough to route towards it.
I would remove the following line:
ip nat inside source route-map company_network interface FastEthernet1 overload
Also, just a few static routes should be enough to reach the company network IP subnets:
192.168.217.0/24
192.168.1.0/24
Hope to help
Giuseppe
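Whether the NAT statement toward FastEthernet1 is kept or removed, it helps to confirm which destinations the posted ACLs hand to each path. The following is an added example, not part of the original thread: it evaluates the go_vpn and internet ACLs from the posted configuration with IOS first-match and wildcard-mask semantics. The inside host 192.168.74.50, the destination 203.0.113.5 and the function names are assumptions made for illustration.

```python
import ipaddress

# ACL entries copied from the posted config: (action, src, src_wildcard, dst, dst_wildcard)
ACLS = {
    "go_vpn": [
        ("permit", "192.168.74.0", "0.0.0.255", "192.168.218.0", "0.0.0.255"),
        ("permit", "192.168.74.0", "0.0.0.255", "192.168.217.0", "0.0.0.255"),
        ("permit", "192.168.74.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
    ],
    "internet": [
        ("deny", "192.168.74.0", "0.0.0.255", "192.168.218.0", "0.0.0.255"),
        ("deny", "192.168.74.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
        ("deny", "192.168.74.0", "0.0.0.255", "192.168.217.0", "0.0.0.255"),
        ("permit", "any", None, "any", None),
    ],
}

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def acl_permits(name, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, sw, d, dw in ACLS[name]:
        if _match(src, s, sw) and _match(dst, d, dw):
            return action == "permit"
    return False

def classify(src, dst):
    """Return which NAT statement's match criteria the flow satisfies."""
    vpn = acl_permits("go_vpn", src, dst)
    inet = acl_permits("internet", src, dst)
    if vpn and inet:
        return "both"
    if vpn:
        return "company_network/FastEthernet1"
    if inet:
        return "internet/FastEthernet0"
    return "none"

# Constructed sample destinations, plus the name server from the posted config.
SAMPLES = ["192.168.218.254", "192.168.217.10", "192.168.1.20", "10.16.6.11", "203.0.113.5"]

if __name__ == "__main__":
    for dst in SAMPLES:
        print(f"192.168.74.50 -> {dst:16} {classify('192.168.74.50', dst)}")
```

Any destination that is not listed in go_vpn, including the configured name server 10.16.6.11, is classified to the FastEthernet0 statement.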
10-05-2009 01:17 AM
The company network is connected with a carrier VPN service; they are using BGP with MPLS. That's why I used this command.
10-05-2009 02:27 AM
Hello Junaid,
Again, an MPLS L3 VPN service usually can support your private address plan.
Check with your service provider.
Hope to help
Giuseppe
10-05-2009 02:30 AM
OK, I will talk to the service provider and will let you know very soon.
Thanks