Re: Question About Local Policy Route-map + NAT (IE CoreLab

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sun Apr 16 2006 - 01:03:23 GMT-3


Hi my friend. I have not seen this lab yet, but maybe changing the ip
nat outside to E1/0 and nat inside to loo0

Jung-I Lin wrote:
> Dear All,
>
> I have a question which is related to Local PBR + NAT.
> The scenario is like this
>
> R5 has several interfaces participating in OSPF; the only exception is E1/0.
> The goal is to have the packets which are sourced from R5's E1/0
> reach the others and get correctly replied to.
> And the restriction is you can only use one "ip nat outside" command
> on an interface.
>
> So I use local policy route-map + NAT; part of the config is as follows
>
> !
> interface Loopback0
> ip address 150.1.5.5 255.255.255.0
> ip nat outside
> !
> interface Ethernet0/0
> ip address 144.1.5.5 255.255.255.0
> half-duplex
> !
> interface Serial0/0
> no ip address
> encapsulation frame-relay
> clockrate 125000
> no fair-queue
> !
> interface Serial0/0.501 multipoint
> ip address 144.1.15.5 255.255.255.0
> ip ospf network point-to-point
> frame-relay map ip 144.1.15.1 501 broadcast
> !
> interface BRI0/0
> no ip address
> shutdown
> !
> interface Serial0/1
> ip unnumbered Ethernet0/0
> encapsulation ppp
> clockrate 64000
> !
> interface Ethernet1/0
> ip address 144.1.55.5 255.255.255.0
> ip nat inside
> half-duplex
> !
> router ospf 1
> log-adjacency-changes
> redistribute connected subnets route-map CONNECTED->OSPF
> network 144.1.5.5 0.0.0.0 area 0
> network 144.1.15.5 0.0.0.0 area 0
> !
> ip local policy route-map POLICY
> ip nat inside source list 1 interface Loopback0 overload
> access-list 1 permit 144.1.55.0 0.0.0.255
> access-list 100 permit ip host 144.1.55.5 any
> !
> route-map POLICY permit 10
> match ip address 100
> set interface Loopback0
>
> R5 is able to ping the other router when not sourced from E1/0
> Rack1R5#p 144.1.15.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 144.1.15.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
>
>
> But if I source from E1/0, the ping is not OK.
> Rack1R5#ping 144.1.15.1 source Ethernet1/0
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 144.1.15.1, timeout is 2 seconds:
> Packet sent with a source address of 144.1.55.5
> .....
> Success rate is 0 percent (0/5)
>
>
> I use debug ip policy and debug ip nat, and the output
> *Mar 1 19:11:01.599: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
> policy match
> *Mar 1 19:11:01.603: IP: route map POLICY, item 10, permit
> *Mar 1 19:11:01.603: IP: s=144.1.55.5 (local), d=144.1.15.1
> (Loopback0), len 100, policy routed
> *Mar 1 19:11:01.603: IP: local to Loopback0 144.1.15.1.
> *Mar 1 19:11:03.598: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
> policy match
> *Mar 1 19:11:03.598: IP: route map POLICY, item 10, permit
> *Mar 1 19:11:03.598: IP: s=144.1.55.5 (local), d=144.1.15.1
> (Loopback0), len 100, policy routed
> *Mar 1 19:11:03.598: IP: local to Loopback0 144.1.15.1
> *Mar 1 19:11:05.601: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
> policy match
> *Mar 1 19:11:05.601: IP: route map POLICY, item 10, permit
> *Mar 1 19:11:05.601: IP: s=144.1.55.5 (local), d=144.1.15.1
> (Loopback0), len 100, policy routed
> *Mar 1 19:11:05.601: IP: local to Loopback0 144.1.15.1.
> *Mar 1 19:11:07.604: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
> policy match
> *Mar 1 19:11:07.604: IP: route map POLICY, item 10, permit
> *Mar 1 19:11:07.604: IP: s=144.1.55.5 (local), d=144.1.15.1
> (Loopback0), len 100, policy routed
> *Mar 1 19:11:07.604: IP: local to Loopback0 144.1.15.1.
> *Mar 1 19:11:09.608: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
> policy match
> *Mar 1 19:11:09.608: IP: route map POLICY, item 10, permit
> *Mar 1 19:11:09.608: IP: s=144.1.55.5 (local), d=144.1.15.1
> (Loopback0), len 100, policy routed
> *Mar 1 19:11:09.608: IP: local to Loopback0 144.1.15.1.
>
> It seems that the Local PBR is fine, but the NAT did not work.
> Any comments?
> --
> Thanks
> Best Regards,
>
> Jung-I Lin
>


