PBR and NAT:

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Tue Mar 04 2008 - 02:24:50 ARST

• Next message: Scott Vermillion: "RE: CCIE Doubts"
• Previous message: John: "redistribution"
• Next in thread: Todd, Douglas M.: "RE: PBR and NAT:"
• Maybe reply: Todd, Douglas M.: "RE: PBR and NAT:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ok - I give up, I can not figure this one out... Lab7 of NMC....
Frustrated....beyond belief...
 
I must use nat to translate 172.16.110.1 so I can ping some address in the GLB
Routing table.
 
Basically I get this on the return traffic I get this:
*Mar 18 21:37:36.748: IP: s=172.16.234.2 (Serial1/0.234), d=172.16.110.1, len
100, unroutable
 
If I just use the pbr it does not work. I get the above. If I use a static
route, it works fine.
 
Basically, it's a pbr issue, but I do not know why I can ping 172.16.110.1 fine,
but the router will not translate the entry then route it.
Order of operation seems fine:
http://www.cisco.com/warp/public/556/5.html
 
 
 
R4 -
pinging 172.16.234.2 from 172.16.110.1. I can ping ALL R4's local interfaces
from 172.16.110.1.
 
 
F0/0 - Nat Inside
S1/0.234 - Nat Outside
 
Static nat
ip nat inside source static 172.16.110.1 172.16.104.10
 
I must use pbr to direct traffc to a switch:
ip local policy route-map cat1
 
PBR config:
 
R4#sh route-map cat1
route-map cat1, permit, sequence 10
  Match clauses:
    ip address (access-lists): cat1
  Set clauses:
    ip next-hop 172.16.46.10
  Policy routing matches: 70 packets, 7186 bytes

R4#sh access-list cat1
Extended IP access list cat1
    10 permit ip any 172.16.110.0 0.0.0.255 (5 matches)
    20 permit icmp any 172.16.110.0 0.0.0.255

R4#ping 172.16.110.1
Translating "172.16.110.1"
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.110.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R4#
 
R4#sh ip nat sta
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Outside interfaces:
  Serial1/0.234
Inside interfaces:
  FastEthernet0/0
Hits: 1738 Misses: 17
CEF Translated packets: 1160, CEF Punted packets: 19
Expired translations: 18
Dynamic mappings:
Queued Packets: 0
 
R4#sh ip nat tra
Pro Inside global Inside local Outside local Outside global
icmp 172.16.104.10:57 172.16.110.1:57 172.16.234.2:57 172.16.234.2:57
--- 172.16.104.10 172.16.110.1 --- ---
R4#

The information transmitted in this electronic communication is intended only
for the person or entity to whom it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of or taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you received this
information in error, please contact the Compliance HelpLine at 800-856-1983 and
properly dispose of this information.

• Next message: Scott Vermillion: "RE: CCIE Doubts"
• Previous message: John: "redistribution"
• Next in thread: Todd, Douglas M.: "RE: PBR and NAT:"
• Maybe reply: Todd, Douglas M.: "RE: PBR and NAT:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART