From: David C Prall (dcp@dcptech.com)
Date: Thu Oct 31 2002 - 23:49:07 GMT-3
You need to use an extended access-list within your route-map that defines
the destination addresses. And you'll only need the match ip address.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
--
David C Prall dcp@dcptech.com http://dcp.dcptech.com

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Hunt Lee
> Sent: Thursday, October 31, 2002 9:14 PM
> To: 'ccielab@groupstudy.com'
> Subject: NAT translation problem
>
>
> I have configured a 3 routers EBGP (see picture below). What I am trying
> to achieve is that when a packet is forwarded to RTB, the packet will have a
> source address from 205.113.50.0/23; when a packet is forwarded to
> RTC, the packet must have a source address of 207.36.76.0/23.
>
> For going to RTB, I based this on saying if the outgoing interface for
> the packet is s0/0 (the int to RTB), then this packet must be for RTB
> (hence NAT range 205.113.50.0/23).
>
> As for going to RTC, I based this on if the Next-Hop IP for the packet
> is 207.36.65.254, then this packet destination must be for RTC, hence
> NAT range 207.36.76.0/23.
>
> RTB      RTC
>    \    /
>     RTA
>      |
> 10.0.0.0/8 (Inside network)
>
> The thing is, for the packets towards RTB, the NAT works fine.
>
> But for the packets towards RTC, it works for the first few packets
> (i.e. I could see it on "show ip nat translations" & debug messages),
> but anytime after that (even when the NAT entries have expired), it
> would not be able to be NAT again.
>
> here's RTA config...
>
> interface FastEthernet0/0
>  description Inside NAT
>  ip address 10.1.1.1 255.255.0.0
>  ip nat inside
>  duplex auto
>  speed auto
>
> interface Serial0/0
>  description to Outside ISP 1 - RTB
>  ip address 205.113.49.253 255.255.255.252
>  ip nat outside
>  clockrate 64000
>
> interface Serial0/1
>  description to Outside ISP 2 - RTC
>  ip address 207.36.65.253 255.255.255.252
>  ip nat outside
>  clockrate 64000
>
> ip nat pool PoolOne 205.113.50.1 205.113.51.254 netmask 255.255.254.0 type match-host
> ip nat pool PoolTwo 207.36.76.1 207.36.76.254 netmask 255.255.254.0 type match-host
> ip nat inside source route-map ISP1 pool PoolOne
> ip nat inside source route-map ISP2 pool PoolTwo
>
> access-list 1 permit 10.0.0.0 0.255.255.255
> access-list 3 permit 207.36.65.254
>
> route-map ISP2 permit 10
>  match ip address 1
>  match ip next-hop 3
> !
> route-map ISP1 permit 10
>  match ip address 1
>  match interface Serial0/0
>
>
> RTA#sh ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>        * - candidate default, U - per-user static route, o - ODR
>        P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>      1.0.0.0/32 is subnetted, 1 subnets
> B       1.1.1.1 [20/0] via 205.113.49.254, 00:04:12
>      2.0.0.0/32 is subnetted, 1 subnets
> B       2.2.2.2 [20/0] via 207.36.65.254, 00:04:12
>      3.0.0.0/32 is subnetted, 1 subnets
> C       3.3.3.3 is directly connected, Loopback0
>      205.113.49.0/30 is subnetted, 1 subnets
> C       205.113.49.252 is directly connected, Serial0/0
>      207.36.65.0/30 is subnetted, 1 subnets
> C       207.36.65.252 is directly connected, Serial0/1
>      10.0.0.0/16 is subnetted, 1 subnets
> C       10.1.0.0 is directly connected, FastEthernet0/0
> RTA#
>
> Any help will be greatly appreciated.
>
> Regards,
> H.
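
One way to apply the suggestion in the reply to the RTA configuration quoted above, as an added example that is not from either poster: each route-map carries a single "match ip address" that points at an extended access-list, and the destination field of that list selects the upstream. The ACL numbers 101 and 102 are assumptions; the destinations 1.1.1.1 and 2.2.2.2 are the BGP routes from the quoted "sh ip route" output, and a real deployment would list the prefixes actually reached through each ISP.

```text
! Added example. ACL numbers 101/102 are assumed, not from the thread.
! Destinations are taken from the quoted routing table:
!   1.1.1.1 via 205.113.49.254 (RTB)
!   2.2.2.2 via 207.36.65.254  (RTC)
!
! These stanzas replace access-list 1, access-list 3 and the
! "match interface" / "match ip next-hop" clauses of the original.
!
! Inside sources 10.0.0.0/8 going to destinations reached through RTB
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 1.1.1.1
!
! Inside sources 10.0.0.0/8 going to destinations reached through RTC
access-list 102 permit ip 10.0.0.0 0.255.255.255 host 2.2.2.2
!
route-map ISP1 permit 10
 match ip address 101
!
route-map ISP2 permit 10
 match ip address 102
!
! NAT statements and pools stay as in the original configuration
ip nat inside source route-map ISP1 pool PoolOne
ip nat inside source route-map ISP2 pool PoolTwo
```

Because the two access-lists do not overlap, a given flow can match only one route-map, so the pool it draws from no longer depends on how the next hop or outgoing interface is evaluated. "show ip nat translations" shows which pool each flow used.
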
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:50 GMT-3