[c-nsp] nat question

Dan dan at technc.com
Mon Apr 30 17:06:28 EDT 2007 

I'm having trouble setting up nat on a router.  I have a route-map 
routing internal subnets to various dsl lines.  We have another isp 
connection now that I need to connect to the router on an hwic and setup 
nat.  I have a workstation that i'm trying to route through to the new 
isp connection but having some trouble with the nat config.

Route map "inet" is used to route the internal subnets on the network to 
various dsl lines. f0/0 is the lan port, f0/1 is the wan port where the 
827 dsl routers are connected to and f0/3/3 on the hwic is where the new 
isp connection is on vlan 303.


interface FastEthernet0/0
 description lan
 bandwidth 100000
 ip address 10.1.10.1 255.255.255.0
 ip route-cache flow
 ip policy route-map inet
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description wan - connects to a switch where four dsl lines are connected
 ip address 10.10.50.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/3/0
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
 description isp connection that i'm trying to setup nat on
 switchport access vlan 303
!
interface Vlan303
 bandwidth 3000
 ip address 64.x.x.2 255.255.255.240 secondary
 ip address 64.x.x.1 255.255.255.240
 ip nat outside
!
ip classless
ip route 10.20.0.0 255.255.255.0 10.10.50.101
ip route 10.50.0.0 255.255.0.0 10.1.10.20
ip route 192.168.0.0 255.255.0.0 10.1.10.20
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.25.31 2055
!
ip nat inside source route-map nat-wb interface FastEthernet0/3/3 overload
!
ip access-list extended pjh
 permit ip 192.168.18.0 0.0.0.255 any
ip access-list extended ees
 permit ip 192.168.6.0 0.0.0.255 any
ip access-list extended ges
 permit ip 192.168.7.0 0.0.0.255 any
ip access-list extended rtest
 permit ip host 192.168.50.54 any
!
snmp-server community public RO
!
route-map inet permit 40
 match ip address ges
 set ip next-hop 10.10.50.103
!
route-map inet permit 50
 match ip address pjh
 set ip next-hop 10.10.50.103
!
route-map inet permit 60
 match ip address ees
 set ip next-hop 10.10.50.102
!
route-map inet permit 303
 match ip address rtest
 set ip next-hop 64.x.x.3
!
route-map nat-wb permit 10
 match ip address rtest
 match interface FastEthernet0/3/3
!


I know it is a nat problem, but what am i missing?

Thanks,
Dan.

More information about the cisco-nsp mailing list