RE: ip local policy/nat

From: Yakout esmat (yesmat@xxxxxxxxxxxxxx)
Date: Sat Jul 13 2002 - 07:43:23 GMT-3


   
Your policy route-map setdefault is configured on both interfaces serial 0
and ethernet0 on R2, which means that any packet coming through either
interface will have to check the route-map.
The route-map directs all traffic (permit any) to next hop of 62.7.11.11.

For example, if you have any packets coming from R1, R2 will (based on
access-list 1 and policy map) set next hop back to R1 (62.7.11.11).
And when you ping R1 from R13, traffic gets NATed by R2 and out to
92.7.11.11 (based on policy map), and when the reply comes back from R1 through
R2, traffic gets diverted back to R1 again.

Obviously when you remove your policy routing NAT works fine.

HTH

Yakout

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
kpalmer
Sent: Saturday, July 13, 2002 2:58 PM
To: ccielab@groupstudy.com
Subject: ip local policy/nat

Howdy,

I'm doing lab 18, ccieboot. I recall having the same problem last time I
did this lab as well. Hopefully we can resolve.

R1-s0-----s0-R2-e0-----e0-R13

R2 is not running a rtr protocol w/ R1. R2 is using *nat inside source static*
to translate R13's eth0 connection to R2. Config works perfect until I add the
required *ip local policy route-map* to R2's S0 & ETH 0 w/ acts as the required
default route.

I looked at CCIEboot's configs and they are identical to what I have.
But I can't ping the statically translated R13 ETH0 ??? Get U.U.U

Here's my R2 config. Is there any obvious reason the policy map is
failing the ICMP??...from R1?

The *local* refers to self-generated, right? So why are packets from R1
being affected? Again, it works fine with the *policy* not applied.

R2>

interface Serial0
 ip address 62.7.11.9 255.255.255.0
 ip nat outside
 no ip mroute-cache
 no fair-queue
 ip policy route-map setdefault

interface Ethernet0
 ip address 172.27.2.9 255.255.255.240
 ip nat inside
 ip policy route-map setdefault

ip local policy route-map setdefault
ip nat inside source static *172.27.2.10 62.7.11.10
ip classless

access-list 1 permit any log

route-map setdefault permit 10
 match ip address 1
 set ip precedence critical
 set ip next-hop 62.7.11.11

*R13's non-route advertised, eth 0.

Help requested!

Kip Palmer
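
Added example (not part of either message in this thread): a simplified Python model of the packet path through R2 that the reply describes, using the addresses from the posted config. It assumes R1 is 62.7.11.11 as the reply states, handles only directly connected destinations, and applies NAT before the routing decision for outside-to-inside traffic and after it for inside-to-outside traffic; the function and constant names are made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Values copied from the R2 config posted in the thread.
CONNECTED = {"Serial0": ip_network("62.7.11.0/24"),
             "Ethernet0": ip_network("172.27.2.0/28")}
NAT_ROLE = {"Serial0": "outside", "Ethernet0": "inside"}
INSIDE_LOCAL = ip_address("172.27.2.10")    # R13 eth0
INSIDE_GLOBAL = ip_address("62.7.11.10")    # static translation
POLICY_NEXT_HOP = ip_address("62.7.11.11")  # set ip next-hop (R1, per the reply)


def egress_for(addr):
    """Return the interface whose connected subnet contains addr, else None."""
    for ifname, net in CONNECTED.items():
        if addr in net:
            return ifname
    return None


def forward(src, dst, in_if, policy_on=("Serial0", "Ethernet0")):
    """Walk one transit packet through R2 (simplified model).

    Returns (src, dst, egress interface, next hop) as the packet leaves R2.
    """
    src, dst = ip_address(src), ip_address(dst)
    # Outside -> inside: destination is translated before the routing decision.
    if NAT_ROLE[in_if] == "outside" and dst == INSIDE_GLOBAL:
        dst = INSIDE_LOCAL
    # access-list 1 is "permit any", so on an interface carrying
    # "ip policy route-map setdefault" every packet takes the set next hop.
    next_hop = POLICY_NEXT_HOP if in_if in policy_on else dst
    out_if = egress_for(next_hop)
    # Inside -> outside: source is translated after the routing decision.
    if (NAT_ROLE[in_if] == "inside" and NAT_ROLE.get(out_if) == "outside"
            and src == INSIDE_LOCAL):
        src = INSIDE_GLOBAL
    return str(src), str(dst), out_if, str(next_hop)


if __name__ == "__main__":
    # R1 pings the translated address, first with the policy, then without.
    print(forward("62.7.11.11", "62.7.11.10", "Serial0"))
    print(forward("62.7.11.11", "62.7.11.10", "Serial0", policy_on=()))
    # R13 pings R1 with the policy applied.
    print(forward("172.27.2.10", "62.7.11.11", "Ethernet0"))
```

With the policy on Serial0, the packet from R1 is translated and then sent straight back out Serial0 toward 62.7.11.11; with the policy removed it leaves Ethernet0 toward 172.27.2.10.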


