Re: NAT and Policy Routing

From: Bob Sinclair (bsin@xxxxxxxxx)
Date: Tue Mar 12 2002 - 20:55:43 GMT-3

• Next message: MADMAN: "Re: ISDN Multilink issue...."
• Previous message: David A Goddard: "Re: ISDN Multilink issue...."
• Maybe in reply to: Bob Sinclair: "NAT and Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
David:

Thanks very much for the help. Tried the no ip route-cache, but does not seem
to help.

One thing I notice: If I do : set ip next-hop then I get a translation for d
estinations that are in the routing table, but no translation for destinations
not in the routing table.

When I do: set ip default next-hop, I get no translation and no successful pi
ng, unless the destination is in the routing table.

So: seems to work with either policy, as long as the destination is in the rou
ting table.

If you get a chance, could you give it a shot with "set ip default next-hop, an
d try reaching an address not in the local table?

-Bob

----- Original Message -----
From: "David A Goddard" <goddardtek@nc.rr.com>
To: "Bob Sinclair" <bsin@erols.com>
Sent: Tuesday, March 12, 2002 6:17 PM
Subject: Re: NAT and Policy Routing

> Nope, here's my inside interface config
>
> !
> interface Ethernet0
> ip address 10.0.0.2 255.255.255.0 secondary
> ip address 200.0.0.2 255.255.255.0
> ip nat inside
> ip policy route-map POLICY
> !
>
> hth,
> Dave
> ----- Original Message -----
> From: "Bob Sinclair" <bsin@erols.com>
> To: "David A Goddard" <goddardtek@nc.rr.com>
> Sent: Tuesday, March 12, 2002 6:13 PM
> Subject: Re: NAT and Policy Routing
>
>
> Hard to keep up with the capabilities of all the various IOS versions. Are
> you adding the policy route-map to the end of the ip nat inside...
> statement?
>
> -Bob
>
> ----- Original Message -----
> From: "David A Goddard" <goddardtek@nc.rr.com>
> To: "Bob Sinclair" <bsin@erols.com>
> Sent: Tuesday, March 12, 2002 6:03 PM
> Subject: Re: NAT and Policy Routing
>
>
> > Bob, for what it's worth, I'm running version 12.1(2a)XH and I can do
> > both....
> >
> > Dave
> > ----- Original Message -----
> > From: "Bob Sinclair" <bsin@erols.com>
> > To: "Harris, Joe F" <Joe_Harris@AIMFUNDS.COM>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Tuesday, March 12, 2002 5:28 PM
> > Subject: Re: NAT and Policy Routing
> >
> >
> > > Joe,
> > >
> > > Thanks for the links. Answer appears to be: before 12.2 you can't do
> > both NAT and Policy Routing. 12.2 appears to add the ability to add a
> > policy routing route-map to the end of the the ip nat inside..
> statement,
> > as in the example below:
> > >
> > > interface Ethernet3
> > > ip address 172.68.1.100 255.255.255.0
> > > ip nat outside
> > > media-type 10BaseT
> > > !
> > > interface Ethernet4
> > > ip address 192.68.1.100 255.255.255.0
> > > ip nat outside
> > > media-type 10BaseT
> > > !
> > > interface Ethernet5
> > > ip address 11.1.1.100 255.255.255.0
> > > ip nat inside
> > > media-type 10BaseT
> > > !
> > > router rip
> > > network 172.68.0.0
> > > network 192.68.1.0
> > > !
> > > ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2
> > > ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1
> > > ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2
> > > ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1
> > >
> > > access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.
> > > access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255
> > > !
> > > route-map isp2 permit 10
> > > match ip address 102
> > > set ip next-hop 192.68.1.1
> > > !
> > > route-map isp1 permit 10
> > > match ip address 101
> > > set ip next-hop 172.68.1.1
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Harris, Joe F" <Joe_Harris@AIMFUNDS.COM>
> > > To: "Bob Sinclair" <bsin@erols.com>
> > > Sent: Tuesday, March 12, 2002 5:01 PM
> > > Subject: RE: NAT and Policy Routing
> > >
> > >
> > > > These links might be a good start:
> > > >
> > > >
> >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122
> > > > t/122t4/ftnatrt.htm
> > > >
> > > > http://www.cisco.com/warp/public/105/nat_routemap.html
> > > >
> > > > Let me know if the direction you are trying to go or if I am totally
> of
> > base
> > > > here?
> > > >
> > > > -Joe
> > > >
> > > > -----Original Message-----
> > > > From: Bob Sinclair [mailto:bsin@erols.com]
> > > > Sent: Tuesday, March 12, 2002 3:31 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: NAT and Policy Routing
> > > >
> > > >
> > > > Folk:
> > > >
> > > > Sorry if this has been covered before, but I can't seem to find
> anything
> > on
> > > > this point in the archives or on CCO.
> > > >
> > > > Got NAT working fine. Got policy routing working fine. But not the
> > > > combination. I would like to NAT on a router, and also do a policy
> that
> > > > gives a default next-hop IP address if there is not a route in the
> > table.
> > > > Seems that when the policy kicks in, the NAT does not happen.
> > > >
> > > > Have seen in previous posts the statement that the policy routing
> takes
> > > > place before the NAT (inside to outside). But I am getting no NAT at
> > all
> > > > with the policy enabled.
> > > >
> > > > Anyone have an idea as to how this can work?
> > > >
> > > > Thanks in advance.

• Next message: MADMAN: "Re: ISDN Multilink issue...."
• Previous message: David A Goddard: "Re: ISDN Multilink issue...."
• Maybe in reply to: Bob Sinclair: "NAT and Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:02 GMT-3