Re: The Policy routing with NAT problem.

From: Tony Kwok (sykwok8@yahoo.com)
Date: Sat Dec 14 2002 - 22:56:03 GMT-3


Dear John,

It still does not work. Any idea?

R1#sh run int s0/0
Building configuration...

Current configuration : 124 bytes
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 ip nat outside
 ip policy route-map hello
 clockrate 64000

**************
R2#ping
Protocol [ip]:
Target IP address: 11.11.11.11
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 22.22.22.22
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/56 ms
R2#
R1#ping
Protocol [ip]:
Target IP address: 22.22.22.22
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 111.111.111.111
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#

Regards,
Tony
--- John Elias <jelias_@hotmail.com> wrote:
> Tony,
> You need to apply the policy to the serial
> interface.
>
> John E.
> CCIE #8150
>
> >From: Tony Kwok <sykwok8@yahoo.com>
> >Reply-To: Tony Kwok <sykwok8@yahoo.com>
> >To: ccielab@groupstudy.com
> >Subject: The Policy routing with NAT problem.
> >Date: Sat, 14 Dec 2002 02:48:39 -0800 (PST)
> >
> >Hi,
> >
> >I got one problem about the policy routing with NAT.
> >I got two routers with hostname R1 and R2.
> >
> >On the R1, I got one default route to the Ethernet
> >interface. In order to reach the loopback address
> >22.22.22.22, I am trying to use the policy routing
> >with NAT. I have tried a long time and find that the
> >policy routing can run properly but fails with NAT.
> >However, if I disable the policy routing and use the
> >static route instead, the NAT is working properly.
> >Are there any hints for this problem? Thx.
> >
> >R1 ---back-to-back----- R2
> >
> >Router configuration.
> >Building configuration...
> >
> >Current configuration : 1259 bytes
> >!
> >version 12.1
> >no service single-slot-reload-enable
> >service timestamps debug uptime
> >service timestamps log uptime
> >service password-encryption
> >!
> >hostname R1
> >!
> >logging buffered 4096 debugging
> >logging rate-limit console 10 except errors
> >enable secret 5 $1$38kB$pyDkrvN5QJ9Rtyl8Gbvqw0
> >!
> >ip subnet-zero
> >!
> >!
> >no ip finger
> >no ip domain-lookup
> >!
> >call rsvp-sync
> >!
> >!
> >!
> >!
> >!
> >!
> >!
> >!
> >interface Loopback100
> > ip address 111.111.111.111 255.255.255.255
> > ip nat inside
> >!
> >interface FastEthernet0/0
> > ip address 203.74.124.8 255.255.255.240
> > duplex auto
> > speed auto
> >!
> >interface Serial0/0
> > ip address 10.0.0.1 255.255.255.252
> > ip nat outside
> > clockrate 64000
> >!
> >interface Serial0/1
> > no ip address
> > shutdown
> >!
> >ip local policy route-map hello
> >ip nat inside source static 111.111.111.111 11.11.11.11
> >ip classless
> >ip route 0.0.0.0 0.0.0.0 203.74.124.1
> >no ip http server
> >!
> >access-list 100 permit ip any host 22.22.22.22
> >route-map hello permit 10
> > match ip address 100
> > set ip next-hop 10.0.0.2
> >!
> >!
> >voice-port 1/0/0
> >!
> >voice-port 1/0/1
> >!
> >dial-peer cor custom
> >!
> >!
> >!
> >!
> >line con 0
> > password 7 010400015401575D
> > login
> > transport input none
> >line aux 0
> > modem InOut
> > modem autoconfigure type usr_sportster
> > transport input all
> > speed 115200
> >line vty 0 4
> > password 7 10590F1C0A1D4359
> > login
> >!
> >end
> >
> >R1#ping
> >Protocol [ip]:
> >Target IP address: 22.22.22.22
> >Repeat count [5]:
> >Datagram size [100]:
> >Timeout in seconds [2]:
> >Extended commands [n]: y
> >Source address or interface: lo 100
> >Type of service [0]:
> >Set DF bit in IP header? [no]:
> >Validate reply data? [no]:
> >Data pattern [0xABCD]:
> >Loose, Strict, Record, Timestamp, Verbose[none]:
> >Sweep range of sizes [n]:
> >Type escape sequence to abort.
> >Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
> >.....
> >
> >R1#sh ip nat tran
> >Pro Inside global      Inside local       Outside local      Outside global
> >--- 11.11.11.11        111.111.111.111    ---                ---
> >
> >R1#sh ip route
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> >       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >       * - candidate default, U - per-user static route, o - ODR
> >       P - periodic downloaded static route
> >
> >Gateway of last resort is 203.74.124.1 to network 0.0.0.0
> >
> >     111.0.0.0/32 is subnetted, 1 subnets
> >C       111.111.111.111 is directly connected, Loopback100
> >     10.0.0.0/30 is subnetted, 1 subnets
> >C       10.0.0.0 is directly connected, Serial0/0
> >     203.74.124.0/28 is subnetted, 1 subnets
> >C       203.74.124.0 is directly connected, FastEthernet0/0
> >S*   0.0.0.0/0 [1/0] via 203.74.124.1
> >
>
>*************************************************************************************
> >
> >R2#sh run
> >Building configuration...
> >
> >Current configuration : 875 bytes
> >!
> >version 12.1
> >no service single-slot-reload-enable
> >service timestamps debug uptime
> >service timestamps log uptime
> >service password-encryption
> >!
> >hostname R2
> >!
> >logging buffered 4096 debugging
> >logging rate-limit console 10 except errors
>
=== message truncated ===


