[c-nsp] route-map for NAT and L2VPN

Kumara a/l Rashu Nadarajah kumara.rashu at time.com.my
Mon Nov 19 03:26:03 EST 2012


Hi,

Please advise me on the route-map to match the IP address segments.

1. In the ASR1001 we need to match the IP address segment to identify
the customers for NAT purposes and L2VPN traffic from a single p2p
connection (satellite router).

2. I managed to identify the NAT customer and route to the correct output
sub-interface by using "ip nat inside source list 100 interface
GigabitEthernet0/0/1.20 overload" to the ME3600. It is working.

3. For the L2VPN I use "ip policy route-map COMINTEL" with the
access-list to match the IP segments to a specific sub-interface.

route-map COMINTEL permit 10
 match ip address comintel
 set interface GigabitEthernet0/0/1.10

 

4. In order to verify it I used "show route-map", but the match
counters do not increase. Please advise on this issue:

 

route-map COMINTEL, permit, sequence 10
  Match clauses:
    ip address (access-lists): comintel
  Set clauses:
    interface GigabitEthernet0/0/1.10
  Policy routing matches: 0 packets, 0 bytes

 

5. Both NAT and L2VPN need to be done on the same physical interface from
the uplink.

 

Config in the ASR1001:

 

interface GigabitEthernet0/0/0
 description to- Satellite router
 ip address 10.10.10.1 255.255.255.252
 ip nat inside
 ip policy route-map COMINTEL
 negotiation auto
!
interface GigabitEthernet0/0/1
 description to-ME3600
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 ip address 203.121.112.202 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0/1.20
 encapsulation dot1Q 20
 ip address 203.121.112.206 255.255.255.252
 ip nat outside

 

My question is how to verify the packets across the route-map on
gi0/0/0 so that I can verify the correct output from the ASR1001 to the
ME3600. Is it possible to configure the route-map to set a logical
interface?

 

ip access-list extended comintel
 permit ip 10.171.24.0 0.0.0.255 any
 permit ip 10.171.25.0 0.0.0.255 any
 permit ip 10.171.26.0 0.0.0.255 any
 permit ip 10.171.27.0 0.0.0.255 any
 permit ip 10.171.28.0 0.0.0.255 any
 permit ip 10.171.29.0 0.0.0.255 any
 permit ip 10.171.30.0 0.0.0.255 any
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
!
route-map COMINTEL permit 10
 match ip address comintel
 set interface GigabitEthernet0/0/1.10
!
route-map COMINTEL permit 20
 match ip address 100
 set default interface GigabitEthernet0/0/1.20
!
route-map COMINTEL permit 30
 match ip address 101
 set default interface GigabitEthernet0/0/1.30

 

From the route-map:

ASR1001#sh route-map
route-map COMINTEL, permit, sequence 10
  Match clauses:
    ip address (access-lists): comintel
  Set clauses:
    interface GigabitEthernet0/0/1.10
  Policy routing matches: 0 packets, 0 bytes
route-map COMINTEL, permit, sequence 20
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    default interface GigabitEthernet0/0/1.20
  Policy routing matches: 0 packets, 0 bytes
route-map COMINTEL, permit, sequence 30
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    default interface GigabitEthernet0/0/1.30
  Policy routing matches: 0 packets, 0 bytes

 

 

Regards,

Kumara 
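
An added example, not part of the original post: a small Python model of the posted ACLs and route-map that reports which COMINTEL sequence a given source address would hit, so test traffic can be checked against the ACLs before reading the counters. The function names parse and classify are hypothetical, and only the "permit ip <addr> <wildcard> any" entry form shown in the post is handled.

```python
import ipaddress
import re
# Constructed input: the ACL and route-map lines copied from the post above.
CONFIG = """\
ip access-list extended comintel
 permit ip 10.171.24.0 0.0.0.255 any
 permit ip 10.171.25.0 0.0.0.255 any
 permit ip 10.171.26.0 0.0.0.255 any
 permit ip 10.171.27.0 0.0.0.255 any
 permit ip 10.171.28.0 0.0.0.255 any
 permit ip 10.171.29.0 0.0.0.255 any
 permit ip 10.171.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
route-map COMINTEL permit 10
 match ip address comintel
 set interface GigabitEthernet0/0/1.10
route-map COMINTEL permit 20
 match ip address 100
 set default interface GigabitEthernet0/0/1.20
route-map COMINTEL permit 30
 match ip address 101
 set default interface GigabitEthernet0/0/1.30
"""

def parse(config):
    """Return ({acl: [(addr, wildcard)]}, [route-map clauses]) from IOS config text."""
    acls, clauses, acl = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["route-map"]:
            clauses.append({"seq": int(w[3])})
        elif w[:3] == ["match", "ip", "address"]:
            clauses[-1]["acl"] = w[3]
        elif w[:1] == ["set"]:
            clauses[-1]["set"] = " ".join(w[1:])
        elif "access-list" in w[:2]:  # named ("ip access-list extended X") or numbered
            acl = w[3] if w[0] == "ip" else w[1]
        if m := re.search(r"permit ip (\S+) (\S+) any", line):
            acls.setdefault(acl, []).append(tuple(int(ipaddress.IPv4Address(x)) for x in m.groups()))
    return acls, clauses

def classify(src, acls, clauses):
    """First matching clause wins; wildcard bits set to 1 are ignored in the comparison."""
    ip = int(ipaddress.IPv4Address(src))
    for c in sorted(clauses, key=lambda c: c["seq"]):
        if any(((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0 for addr, wild in acls.get(c["acl"], [])):
            return c["seq"], c["set"]
    return None  # no clause matched: the packet follows the normal routing table
```

This models ACL source matching and clause order only, not the router's forwarding path or its counters.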


