From: alain faure (alainfaure@xxxxxxxx)
Date: Sat Mar 02 2002 - 13:17:40 GMT-3
Hi,
well i didn't find why but it seemes that the local policy for telnet and for
dlsw is not used (i don't know why because it work with ping).
So for now i use a static route.
If somebady see the point i will be interrested.
--- alain faure <alainfaure@yahoo.fr> a icrit : > Well,
>
> as i am on my work i try a solution:
>
> i allowed route 112 113 116 and 117 again between r3 --> r1
> AND i put in global
> ip nat outside source static network 113.0.0.0 112.0.0.0 /8
> ip nat outside source static network 117.0.0.0 116.0.0.0 /8
>
> and in int s0(interface on r1 going to r3)
> ip nat outside
>
> and that work
> -------------------------------------------
>
> But now i want to use only policy routing on r1 for i don't want routing
> update
> going from r3 to r1.
> for now i could't make it work:
>
> ip local policy route-map TONAT
>
> ip access-list extended tonat
> permit ip any 113.0.0.0 0.255.255.255
> permit ip any 117.0.0.0 0.255.255.255
> permit ip any 112.0.0.0 0.255.255.255
> permit ip any 116.0.0.0 0.255.255.255
> !
> route-map TONAT permit 10
> match ip address tonat
> set ip next-hop 13.1.13.3
>
> anybody interrested ?
>
> --- alain faure <alainfaure@yahoo.fr> a icrit : > Hi,
> >
> > well, new day, new pbm.
> >
> > r1----ripv2----(nat outside) @13.1.13.3 r3(nat inside)-----ospf----r6
> >
> > I suppose maybye it can be related to the thread about nat strange
> behavior.
> > I a not very used to nat.
> >
> > Ok,
> >
> > on r6 there is a loopback 116.1.1.1
> > on r1 there is a loopback 115.1.1.1
> >
> > on r3 i put :
> > router rip
> > redistribute ospf 1
> > network 13.1.0.0
> > default-metric 1
> > distribute-list nonatnetwork out Serial0/0
> > !
> > ip nat inside source static network 116.0.0.0 117.0.0.0 /8
> > ip nat inside source static network 112.0.0.0 113.0.0.0 /8
> > ip classless
> > ip http server
> > ip pim bidir-enable
> > !
> > !
> > ip access-list standard nonatnetwork
> > deny 112.0.0.0 0.255.255.255
> > deny 116.0.0.0 0.255.255.255
> > permit any
> > !
> >
> > So 112.0.0.0 and 116.0.0.0 are nated to respectivly 113.0.0.0 and
> 117.0.0.0.
> > 112.0.0.0 and 116.0.0.0 routes are not going to r1 on witch i put a policy
> > routing.
> >
> > On r1:
> > router rip
> > version 2
> > timers basic 30 180 0 240
> > network 13.1.0.0
> > network 115.0.0.0
> > network 150.50.0.0
> > no auto-summary
> > !
> > ip local policy route-map TONAT
> > ip kerberos source-interface any
> > ip classless
> > ip http server
> > !
> > !
> > ip access-list extended tonat
> > permit ip any 113.0.0.0 0.255.255.255
> > permit ip any 117.0.0.0 0.255.255.255
> > permit ip any 112.0.0.0 0.255.255.255
> > permit ip any 116.0.0.0 0.255.255.255
> >
> > route-map TONAT permit 10
> > match ip address tonat
> > set ip next-hop 13.1.13.3
> > ---------------------------------------
> > well, when i ping 116.1.1.1 it ok
> > R1#ping 116.1.1.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 116.1.1.1, timeout is 2 seconds:
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
> > R1#ping 113.1.1.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 113.1.1.1, timeout is 2 seconds:
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
> > -----------------------------------
> > but, and that's the point when i made a DSLW peer or telnet 116.1.1.1 that
> > don't work.
> >
> > R1#telnet 116.1.1.1
> > Trying 116.1.1.1 ...
> > % Destination unreachable; gateway or host down
> > ----------------------------------------------
> > On r3 :
> > R3#telnet 116.1.1.1
> > Trying 116.1.1.1 ... Open
> >
> >
> > User Access Verification
> >
> > Password:
> >
> > ----------------------------------------------
> > Some body have an explanation for that or a clue ?
> >
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:51 GMT-3