[c-nsp] PBR + NAT route-map issue

Gustavo Rodrigues Ramos gustavo at nexthop.com.br
Tue Jul 28 16:47:36 EDT 2009


Hi Max,

You might want to combine PBR with object tracking (and add some NAT
statements to this mix). To make a long story short, you can configure
IP SLA and object tracking to monitor your gateway(s) availability and
use a route-map with the "verify-availability" statement to select the
preferred/available route. I've described it in my blog [1] a couple
of months ago. Sorry, it's still in Portuguese only :( ...  Well,
since the configs have been written in a universal language (aka IOS
commands) there should be no problem trying to figure out the
Portuguese part (or use the Google translator to do the trick). :)

[1] http://blog.nexthop.com.br/2009/02/um-roteador-dois-provedores-e-alguma.html

Gustavo.


On Tue, Jul 28, 2009 at 4:13 PM, Max Pierson<Max.Pierson at mycallis.com> wrote:
> Hi All,
>
> I'm kinda new to the list and hope someone can help me with an issue. I'm
> trying to do some PBR with NAT and am having an issue understanding how
> the route-maps apply in combination with the NAT process. I would like
> to send my phone-based VLAN traffic out of the T1 and the data traffic
> out of the DSL. If possible, I'd like them to fail over for each other
> (which makes the config even more confusing). I have the ability to
> route a few /30s to this router over the DSL or the T1. Any help with
> the NAT statements and route-maps would be greatly appreciated. Relevant
> config so far is posted. The 64.x.x.x and 208.x.x.x are my phone
> servers. Thanks for any help!!!
>
> 2651-XM
> 12.4.(23)
>
>
> ip dhcp excluded-address 172.16.0.1 172.16.0.99
> ip dhcp excluded-address 192.168.1.1 192.168.1.100
> ip dhcp excluded-address 192.168.1.113
> !
> ip dhcp pool PHONES
>   network 172.16.0.0 255.255.255.0
>   default-router 172.16.0.1
>   dns-server 208.66.61.109 208.66.61.110
>   option 150 ip 208.83.93.113
>   lease 3
> !
> ip dhcp pool Computers
>   network 192.168.1.0 255.255.255.0
>   default-router 192.168.1.1
>   dns-server 208.66.61.109 208.66.61.110
>   lease 3
> !
> !
>
> !
> track 1 interface Dialer0 ip routing
>  delay up 15
> !
> interface FastEthernet0/0
>  no ip address
>  duplex auto
>  speed auto
> !
> interface FastEthernet0/0.150
>  description To Phones
>  encapsulation dot1Q 150
>  ip address 172.16.0.1 255.255.255.0
>  ip nat inside
> !
> interface FastEthernet0/0.200
>  description Computers
>  encapsulation dot1Q 200
>  ip address 192.168.1.1 255.255.255.0
>  ip nat inside
> !
> interface Serial0/0
>  ip address 74.113.88.62 255.255.255.252
>  ip nat outside
>  priority-group 1
> !
> interface ATM0/1
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip route-cache flow
>  shutdown
>  no atm ilmi-keepalive
>  dsl operating-mode auto
> !
> interface ATM0/1.1 point-to-point
>  pvc 1/100
>  pppoe-client dial-pool-number 1
>  !
> !
> interface FastEthernet0/1
>  no ip address
>  shutdown
>  duplex auto
>  speed auto
> !
> interface Dialer0
>  ip address negotiated
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat outside
>  encapsulation ppp
>  ip route-cache flow
>  ip tcp adjust-mss 1412
>  dialer pool 1
>  dialer-group 1
>  no cdp enable
>  ppp authentication chap pap callin
>  ppp chap hostname rubenstein at authcall.net
>  ppp chap password 0 xxxxxxxx
>  ppp pap sent-username rubenstein at authcall.net password 0 xxxxxxxxx
> !
> ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
> ip route 0.0.0.0 0.0.0.0 74.113.88.61 254
> ip route 64.193.113.0 255.255.255.0 74.113.88.61 101
> ip route 64.193.113.0 255.255.255.0 Dialer0 120
> ip route 208.83.93.0 255.255.252.0 74.113.88.61 101
> ip route 208.83.93.0 255.255.252.0 Dialer0 120
> !
>
>
> no ip http server
>
> ip nat inside source list 10 interface Serial0/0 overload
>
> access-list 10 permit 192.168.1.0 0.0.0.255
> access-list 10 permit 172.16.0.0 0.0.0.255
>
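
Added example, not part of either message and not taken from the linked blog post: a sketch of the approach the reply describes (IP SLA + object tracking + "verify-availability" + per-interface NAT route-maps), applied to the addresses and interfaces in the posted config. The names PBR-PHONES, NAT-T1 and NAT-DSL, ACL 110 and SLA/track number 10 are assumptions; the IP SLA keywords are the 12.4 mainline form, and later releases spell them differently.

```cisco
! Added example. Object names and numbers are assumptions, not from the thread.
!
! Probe the T1 next hop. 12.4 mainline keywords shown; later releases use
! "ip sla 10", "icmp-echo ..." and "track 10 ip sla 10 reachability".
ip sla monitor 10
 type echo protocol ipIcmpEcho 74.113.88.61 source-interface Serial0/0
 frequency 10
ip sla monitor schedule 10 life forever start-time now
!
track 10 rtr 10 reachability
 delay up 30 down 10
!
! Phones prefer the T1 while track 10 is up. When it goes down, the set
! clause is skipped and the packet follows the routing table, where the
! existing "ip route 0.0.0.0 0.0.0.0 Dialer0 track 1" sends it out the DSL.
access-list 110 permit ip 172.16.0.0 0.0.0.255 any
!
route-map PBR-PHONES permit 10
 match ip address 110
 set ip next-hop verify-availability 74.113.88.61 1 track 10
!
interface FastEthernet0/0.150
 ip policy route-map PBR-PHONES
!
! Data VLAN needs no PBR: the tracked default route already prefers
! Dialer0 and the floating static (distance 254) falls back to the T1.
!
! NAT must follow the egress interface actually chosen, so replace the
! single Serial0/0 overload rule with one rule per outside interface.
no ip nat inside source list 10 interface Serial0/0 overload
!
route-map NAT-T1 permit 10
 match ip address 10
 match interface Serial0/0
!
route-map NAT-DSL permit 10
 match ip address 10
 match interface Dialer0
!
ip nat inside source route-map NAT-T1 interface Serial0/0 overload
ip nat inside source route-map NAT-DSL interface Dialer0 overload
```

After a failover, translations built on the failed link stay in the table until they time out, so existing flows may need `clear ip nat translation *` before they recover on the other link.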

