[c-nsp] PBR with NAT/PAT - strange (non-deterministic) behaviour

Dale Shaw dale.shaw+cisco-nsp at gmail.com
Fri Mar 7 03:57:53 EST 2008


Hi oli,

On Fri, Mar 7, 2008 at 7:41 PM, Oliver Boehmer (oboehmer)
<oboehmer at cisco.com> wrote:
>
>  match ip next-hop should also work. Not sure why it didn't, would need
>  to see the full config.. but in your case, I'd work with interfaces
>  (also use "set interface" in PBR route-map)..

I started off using 'set interface' in the PBR route-map -- I must've
changed it during the troubleshooting process. I've changed it back
now because I find it more 'readable'. Are there any other good
reasons to use 'set interface' over 'set ip next-hop'?

My 'match ip next-hop' config would've looked something like this:

interface Serial0/0.740 point-to-point
 ip address 192.168.91.138 255.255.255.252
!
interface Serial0/1.742 point-to-point
 ip address 192.168.91.142 255.255.255.252
!
access-list 51 permit 192.168.91.137
!
access-list 52 permit 192.168.91.141
!
access-list 125 remark ** match HTTP to server 1 **
access-list 125 permit tcp any host 192.168.91.67 eq www
access-list 125 remark ** match HTTP to server 2 **
access-list 125 permit tcp any host 192.168.91.3 eq www
!
route-map App01-NAT-FOO1 permit 10
 match ip address 125
 match ip next-hop 51
!
route-map App01-NAT-FOO2 permit 10
 match ip address 125
 match ip next-hop 52
!
ip nat inside source route-map App01-NAT-FOO1 interface Serial0/1.742 overload
ip nat inside source route-map App01-NAT-FOO2 interface Serial0/0.740 overload
!
end

cheers,
Dale
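As an added illustration (constructed here, not code from the post or from Cisco), the following Python model shows how the posted config's two NAT route-maps are supposed to select a translation: ACL 125 is tested against the packet, ACL 51 or 52 is tested against the next hop the routing lookup chose, and both match clauses in a route-map entry must hold. Interface names, addresses and ACL contents are copied from the config above; the IOS semantics modelled (first-match ACLs with an implicit deny, logical AND of match clauses, PAT to the listed interface's address) are stated as the assumptions this toy makes, and the inside host 10.0.0.5 is made up.

```python
"""Toy model of the NAT route-map selection in the posted config.

Constructed example: ACL and route-map behaviour is modelled after IOS
(first-match ACLs ending in an implicit deny, AND of all match clauses in
one route-map entry). Addresses and interface names come from the post;
the inside host and the next-hop values tried below are made up.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network
ANY = Net("0.0.0.0/0")


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, otherwise e.g. "tcp"
    src: Net
    dst: Net
    dport: Optional[int] = None  # None = any destination port


def acl_permits(entries, proto, src, dst, dport=None):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if src not in e.src or dst not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action == "permit"
    return False


def std_acl(*hosts):
    """Standard ACL: 'access-list N permit <host>' tests only the source field."""
    return [AclEntry("permit", "ip", Net(h + "/32"), ANY) for h in hosts]


# access-list 51 / 52: the far-end serial addresses (from the post)
ACL_51 = std_acl("192.168.91.137")
ACL_52 = std_acl("192.168.91.141")
# access-list 125: HTTP to either server (from the post)
ACL_125 = [
    AclEntry("permit", "tcp", ANY, Net("192.168.91.67/32"), 80),
    AclEntry("permit", "tcp", ANY, Net("192.168.91.3/32"), 80),
]


@dataclass
class RouteMapEntry:
    match_address: list   # extended ACL tested against the packet
    match_next_hop: list  # standard ACL tested against the chosen next hop


def route_map_matches(rm, pkt, next_hop):
    """Every match clause in one route-map entry must hold (logical AND)."""
    addr_ok = acl_permits(rm.match_address, pkt["proto"], pkt["src"],
                          pkt["dst"], pkt.get("dport"))
    # 'match ip next-hop' runs the routing decision's next hop through a standard ACL
    nh_ok = acl_permits(rm.match_next_hop, "ip", next_hop, next_hop)
    return addr_ok and nh_ok


# 'ip nat inside source route-map <map> interface <if> overload', as posted:
# a matching flow is PATed to the listed interface's own address.
NAT_RULES = [
    (RouteMapEntry(ACL_125, ACL_51), "Serial0/1.742", IPv4("192.168.91.142")),
    (RouteMapEntry(ACL_125, ACL_52), "Serial0/0.740", IPv4("192.168.91.138")),
]


def nat_source(pkt, next_hop):
    """Translated source for an inside->outside packet, or None if no rule matches."""
    for rm, _ifname, ifaddr in NAT_RULES:
        if route_map_matches(rm, pkt, next_hop):
            return str(ifaddr)
    return None


def http_pkt(dst, dport=80):
    # constructed inside host 10.0.0.5 (not from the post)
    return {"proto": "tcp", "src": IPv4("10.0.0.5"), "dst": IPv4(dst), "dport": dport}


if __name__ == "__main__":
    for nh in ("192.168.91.137", "192.168.91.141", "192.168.91.1"):
        print(nh, "->", nat_source(http_pkt("192.168.91.67"), IPv4(nh)))
    print("https ->", nat_source(http_pkt("192.168.91.67", 443), IPv4("192.168.91.137")))
```

Running it shows the deterministic outcome the config intends: HTTP towards 192.168.91.67 routed via 192.168.91.137 hits App01-NAT-FOO1 and is translated to 192.168.91.142, the same flow via 192.168.91.141 hits App01-NAT-FOO2 and gets 192.168.91.138, and a flow that fails either the address ACL (HTTPS) or the next-hop ACL (an unlisted next hop) is left untranslated. The model deliberately stops short of real PBR and NAT ordering on the box, which is where the non-deterministic behaviour in the thread's subject would have to be chased.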
