New Member

Routing and NAT

Hello Community,

I got one question.

I'm using two Cisco routers with different ISPs and NATing to connect to the internet.

Router A is set as default gateway for the LAN hosts.

Now I want to set up host routes on Router A for some LAN clients to go through Router B and then to the internet.

For example: Client explorer wants to connect to www.cisco.com. The way should be Client > Router A > Router B > www.cisco.com

But when I set the route on Router A, ip route 172.16.0.57 255.255.255.255 172.16.0.100 (Router B), the tracert shows that the client with IP 172.16.0.57 directly connects via Router A and is not going through Router B.

Tracing route to e144.cd.akamaiedge.net [88.221.136.170]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  172.16.0.101
  2     2 ms     1 ms     2 ms  192.168.2.1
  3    24 ms    23 ms    22 ms  217.0.119.235
  4    22 ms    23 ms    26 ms  217.0.91.202
  5    38 ms    35 ms    36 ms  217.5.66.210
  6    35 ms    36 ms    36 ms  88.221.136.170

Any ideas what's going wrong?

Thanks and Greetings I. Jacob

4 REPLIES
Cisco Employee

Re: Routing and NAT

Hello Jacob,

What you want to do cannot be done using ordinary routing. Ordinary IP routing takes only the destination into consideration when making a routing decision. However, what you want to do is to make the router consider both the source and the destination when routing a packet. This can be done using a functionality called Policy Based Routing.

The command you have added on the Router A has a different effect than you intended: The command ip route 172.16.0.57 255.255.255.255 172.16.0.100 essentially tells the router that if it receives a packet with the destination of 172.16.0.57, it shall send it to the router 172.16.0.100. I believe that this is actually what you don't want to do - the Router A is capable of delivering the packet to the 172.16.0.57 directly but you are forcing the Router A to deliver the packet via an extra hop through Router B.

In any case, if you want to make some stations use a different gateway, then the configuration on the Router A would be as follows:

ip access-list standard ACL-PBR1
 permit host 172.16.0.57
 ! Repeat the permit line for any other host to be routed specially

route-map RM-PBR permit 10
 match ip address ACL-PBR1
 set ip next-hop 172.16.0.100

interface FastEthernet0/0
 ! I assume this is the interface connected to the internal network
 ip policy route-map RM-PBR

This configuration is what we call Policy Based Routing. It makes the router inspect the IP packets coming into the Fa0/0 interface. If the packets match the ACL-PBR1 access-list (that is, if the source is permitted by this standard ACL) then they will be forwarded to the next-hop 172.16.0.100, bypassing the routing table on the router. If the packets do not match the ACL, they will be routed normally according to the routing table.

Best regards,

Peter
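
Added example, not part of the thread and not Cisco code: a small Python model of Router A's forwarding decision, showing why the /32 host route leaves the client's outbound path unchanged while the source-matching policy redirects it. The default next hop 192.168.2.1 (hop 2 of the traceroute) and the 172.16.0.0/24 LAN prefix are assumptions; the function names are hypothetical.

```python
import ipaddress

# Router A's destination-based routing table. The default next hop and the
# LAN prefix are assumptions; the /32 entry is the host route from the question.
ROUTES = [
    ("0.0.0.0/0", "192.168.2.1"),        # assumed upstream, from traceroute hop 2
    ("172.16.0.0/24", "connected"),      # assumed LAN prefix
    ("172.16.0.57/32", "172.16.0.100"),  # ip route 172.16.0.57 255.255.255.255 172.16.0.100
]

# Policy from the answer: ACL-PBR1 permits these sources and route-map
# RM-PBR sets the next hop for packets that match.
PBR_SOURCES = {"172.16.0.57"}
PBR_NEXT_HOP = "172.16.0.100"


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination address only."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), next_hop)
               for prefix, next_hop in routes
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst, pbr_enabled):
    """Next hop chosen for a packet arriving on the LAN-facing interface."""
    if pbr_enabled and src in PBR_SOURCES:
        return PBR_NEXT_HOP      # route-map match: routing table is bypassed
    return route_lookup(dst)     # no match: ordinary destination routing


if __name__ == "__main__":
    web = "88.221.136.170"  # destination seen in the posted traceroute
    print("host route only, .57 -> web:", forward("172.16.0.57", web, False))
    print("host route, traffic to .57 :", route_lookup("172.16.0.57"))
    print("PBR enabled,   .57 -> web:", forward("172.16.0.57", web, True))
    print("PBR enabled,   .58 -> web:", forward("172.16.0.58", web, True))
```
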

New Member

Re: Routing and NAT

Hello Peter,

Thanks for your answer.

I will test this tomorrow.

The route I set up was definitely wrong, you are right. The mistake got through my mind after writing the first post.

I will let you know tomorrow if it worked.

New Member

Re: Routing and NAT

Hello Peter,

I tested your configuration and it worked.

Thank you!

Kind regards

Ingemar

Cisco Employee

Re: Routing and NAT

Hello,

I am glad to have helped. And I apologize if I inadvertently called you by your surname - frankly, I am not sure whether Ingemar or Jacob is your first name, and I apologize sincerely for that.

Best regards,

Peter
