Re: dlsw (probably telnet) and nat (other strange behavior ?)

From: alain faure (alainfaure@xxxxxxxx)
Date: Sat Mar 02 2002 - 12:26:13 GMT-3

   
Well,

as i am on my work i try a solution:

i allowed route 112 113 116 and 117 again between r3 --> r1
AND i put in global
ip nat outside source static network 113.0.0.0 112.0.0.0 /8
ip nat outside source static network 117.0.0.0 116.0.0.0 /8

and in int s0(interface on r1 going to r3)
ip nat outside

and that work
-------------------------------------------

But now i want to use only policy routing on r1 for i don't want routing update
going from r3 to r1.
for now i could't make it work:

ip local policy route-map TONAT

ip access-list extended tonat
 permit ip any 113.0.0.0 0.255.255.255
 permit ip any 117.0.0.0 0.255.255.255
 permit ip any 112.0.0.0 0.255.255.255
 permit ip any 116.0.0.0 0.255.255.255
!
route-map TONAT permit 10
 match ip address tonat
 set ip next-hop 13.1.13.3

anybody interrested ?

 --- alain faure <alainfaure@yahoo.fr> a icrit : > Hi,
>
> well, new day, new pbm.
>
> r1----ripv2----(nat outside) @13.1.13.3 r3(nat inside)-----ospf----r6
>
> I suppose maybye it can be related to the thread about nat strange behavior.
> I a not very used to nat.
>
> Ok,
>
> on r6 there is a loopback 116.1.1.1
> on r1 there is a loopback 115.1.1.1
>
> on r3 i put :
> router rip
> redistribute ospf 1
> network 13.1.0.0
> default-metric 1
> distribute-list nonatnetwork out Serial0/0
> !
> ip nat inside source static network 116.0.0.0 117.0.0.0 /8
> ip nat inside source static network 112.0.0.0 113.0.0.0 /8
> ip classless
> ip http server
> ip pim bidir-enable
> !
> !
> ip access-list standard nonatnetwork
> deny 112.0.0.0 0.255.255.255
> deny 116.0.0.0 0.255.255.255
> permit any
> !
>
> So 112.0.0.0 and 116.0.0.0 are nated to respectivly 113.0.0.0 and 117.0.0.0.
> 112.0.0.0 and 116.0.0.0 routes are not going to r1 on witch i put a policy
> routing.
>
> On r1:
> router rip
> version 2
> timers basic 30 180 0 240
> network 13.1.0.0
> network 115.0.0.0
> network 150.50.0.0
> no auto-summary
> !
> ip local policy route-map TONAT
> ip kerberos source-interface any
> ip classless
> ip http server
> !
> !
> ip access-list extended tonat
> permit ip any 113.0.0.0 0.255.255.255
> permit ip any 117.0.0.0 0.255.255.255
> permit ip any 112.0.0.0 0.255.255.255
> permit ip any 116.0.0.0 0.255.255.255
>
> route-map TONAT permit 10
> match ip address tonat
> set ip next-hop 13.1.13.3
> ---------------------------------------
> well, when i ping 116.1.1.1 it ok
> R1#ping 116.1.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 116.1.1.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
> R1#ping 113.1.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 113.1.1.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
> -----------------------------------
> but, and that's the point when i made a DSLW peer or telnet 116.1.1.1 that
> don't work.
>
> R1#telnet 116.1.1.1
> Trying 116.1.1.1 ...
> % Destination unreachable; gateway or host down
> ----------------------------------------------
> On r3 :
> R3#telnet 116.1.1.1
> Trying 116.1.1.1 ... Open
>
>
> User Access Verification
>
> Password:
>
> ----------------------------------------------
> Some body have an explanation for that or a clue ?
>
>

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:51 GMT-3