10-13-2010 03:35 AM - edited 03-04-2019 10:06 AM
I have set up a 1921 router with 2 Dialer interfaces connected to 2 different ISPs. I used the ip route 0.0.0.0 0.0.0.0 interface Dialer0 for all the internet traffic without any problems, but I want to make an exception for the DMVPN traffic and route that over the Dialer1 interface. I created an access list that matches on the destination IP address of the DMVPN hub and a route map that sends the traffic by means of next-hop to the IP address of the Dialer1 interface. However, when I try to set this I get an error message that the IP address "is our own" and I can't complete the route map. Any thoughts on what I am doing wrong?
Thank you in advance for your input.
10-14-2010 10:32 AM
Sounds like you may be mixing the local net with the remote net in the route map command.
I see your files attached, but cannot open 'em.
Perhaps paste in-line so we can have a look-see.
Regards
frank
10-14-2010 12:46 PM
Here we go:
version 15.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ew38
!
boot-start-marker
boot-end-marker
!
enable secret 5 $
!
aaa new-model
aaa local authentication attempts max-fail 3
!
!
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.20.1 192.168.20.20
ip dhcp excluded-address 192.168.20.250 192.168.20.254
ip dhcp excluded-address 192.168.20.112
ip dhcp excluded-address 192.168.33.1 192.168.33.50
ip dhcp excluded-address 192.168.33.254
!
ip dhcp pool local-pool
import all
network 192.168.20.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.20.1
!
ip dhcp pool remote-pool
import all
network 192.168.33.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.33.254
!
ip dhcp pool guests-pool
import all
network 192.168.240.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.240.1
!
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn
!
!
username ciscoadmin privilege 15 secret 5 $
!
redundancy
!
!
controller SHDSL 0/1/0
dsl-group 0 pairs 0
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
no cdp enable
!
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 33
ip address 192.168.33.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 240
ip address 192.168.240.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
no cdp enable
no mop enabled
!
!
interface ATM0/0/0
no ip address
load-interval 30
no atm ilmi-keepalive
!
!
interface ATM0/0/0.1 point-to-point
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
load-interval 30
no atm ilmi-keepalive
!
!
interface ATM0/1/0.1 point-to-point
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username password 0
no cdp enable
!
!
interface Dialer1
ip address xxx.xxx.xxx.201 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication pap callin
ppp pap sent-username password 0
no cdp enable
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended dmvpn
permit ip 192.168.20.0 0.0.0.255 any
deny ip any any
!
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
access-list 100 permit ip 192.168.33.0 0.0.0.255 any
access-list 100 permit ip 192.168.240.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 110 permit ip 192.168.13.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
no cdp run
!
!
!
route-map dmvpn-out-sdsl permit 10
match ip address dmvpn
set ip default next-hop xxx.xxx.xxx.201 <-- gateway IP of dialer 1 interface
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
access-class 110 in
privilege level 15
transport input telnet ssh
transport output none
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
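Added example, not part of the original posts and not Cisco code: a small Python check for the condition behind the "is our own" error described in the first post, a route-map next-hop that equals one of the router's own interface addresses. The sample config is constructed, with documentation addresses (203.0.113.0/24) standing in for the redacted ones, and `find_local_next_hops` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: same shape as the posted config, with documentation
# addresses (203.0.113.0/24) in place of the redacted ones.
SAMPLE_CONFIG = """\
interface Dialer0
 ip address 203.0.113.10 255.255.255.248
interface Dialer1
 ip address 203.0.113.201 255.255.255.248
route-map dmvpn-out-sdsl permit 10
 match ip address dmvpn
 set ip default next-hop 203.0.113.201
route-map via-isp-gateway permit 10
 set ip next-hop 203.0.113.206
"""

IFACE = re.compile(r"^interface\s+(\S+)")
ADDR = re.compile(r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")
RMAP = re.compile(r"^route-map\s+(\S+)\s+(?:permit|deny)\s+(\d+)")
NHOP = re.compile(r"^\s*set ip (?:default )?next-hop\s+(.+)$")


def find_local_next_hops(config: str):
    """Return (route-map, seq, next-hop, interface) for every next-hop that is
    one of the router's own interface addresses."""
    local = {}       # interface address -> interface name
    hops = []        # (route-map name, sequence, next-hop address)
    iface = rmap = None
    for line in config.splitlines():
        if m := IFACE.match(line):
            iface, rmap = m.group(1), None
        elif m := RMAP.match(line):
            rmap, iface = (m.group(1), int(m.group(2))), None
        elif iface and (m := ADDR.match(line)):
            local[ipaddress.ip_address(m.group(1))] = iface
        elif rmap and (m := NHOP.match(line)):
            for token in m.group(1).split():
                try:
                    hops.append((*rmap, ipaddress.ip_address(token)))
                except ValueError:
                    pass  # keyword, annotation or redacted value, not an address
    return [(n, s, str(h), local[h]) for n, s, h in hops if h in local]


if __name__ == "__main__":
    for name, seq, hop, ifname in find_local_next_hops(SAMPLE_CONFIG):
        print(f"route-map {name} {seq}: next-hop {hop} is local ({ifname})")
```

The matching does not depend on indentation, so it also works on a config pasted with its leading spaces stripped, as in the post above.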
10-19-2010 03:06 PM
Seems I was overcomplicating things, the fix is as obvious as this:
1) Create 2 ip routes
ip route
ip route 0.0.0.0 0.0.0.0 dialer 0 20
2) Declare the tunnel source to be the correct interface
No need for route maps. Done.