PBR on a Cisco 1721 router

Status
Not open for further replies.

Strawhidy

IS-IT--Management
Nov 7, 2006
35
US
I’m trying to separate the traffic that gamers and Internet users use to help improve the performance of my T1. I've configured my router to redirect all web-based traffic through my Ethernet WIC to help alleviate the stress on my T1 line. The Ethernet WIC is connected to my bridged Verizon DSL router. I was instructed by another tech to enter the commands to make this possible. Since the change I’ve lost the ability to access the Internet through the T1. I’ve been trying to enter the following command but keep getting an error:

nj-rtr(config-route-map)#ip nat inside source list 1 pool DSL overload
%Dynamic mapping in use, cannot change

I will post the rest of my running config. Can someone please help me fix this problem?



Building configuration...

Current configuration : 2885 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname nj-rtr
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip source-route
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
no ip bootp server
!
!
!
!
interface Ethernet0
ip address 10.4.3.3 255.255.255.0
ip nat outside
ip virtual-reassembly
half-duplex
!
interface FastEthernet0
description to NetJam LAN
ip address 12.158.72.30 255.255.255.248 secondary
ip address 192.168.0.1 255.255.255.0
ip helper-address 192.168.0.5
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache policy
ip policy route-map PBR
speed 100
!
interface Serial0
description to ATT T1
bandwidth 1536
ip address 206.121.216.162 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no keepalive
down-when-looped
service-module t1 remote-alarm-enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
ip nat pool NAT 12.158.72.25 12.158.72.30 netmask 255.255.255.248
ip nat pool DSL 10.4.3.3 10.4.3.3 netmask 255.255.255.248
ip nat inside source list 1 pool NAT overload
ip nat inside source static tcp 192.168.0.1 23 12.158.72.30 23 extendable
ip nat inside source static tcp 192.168.0.5 80 12.158.72.30 80 extendable
ip nat inside source static udp 192.168.0.5 80 12.158.72.30 80 extendable
ip nat inside source static tcp 192.168.0.11 3784 12.158.72.30 3784 extendable
ip nat inside source static udp 192.168.0.11 3784 12.158.72.30 3784 extendable
ip nat inside source static tcp 192.168.0.200 8082 12.158.72.30 8082 extendable
ip nat inside source static udp 192.168.0.11 20800 12.158.72.30 20800 extendable
ip nat inside source static udp 192.168.0.11 20810 12.158.72.30 20810 extendable
ip nat inside source static udp 192.168.0.11 28960 12.158.72.30 28960 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 12.158.72.0 0.0.0.255
access-list 1 permit 206.121.216.0 0.0.0.255
access-list 101 remark PBR and NAT ACL for ftp http https pop3 imap and flash
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 1935
access-list 101 deny ip any any
route-map PBR permit 10
match ip address 101
set ip next-hop 10.4.3.1
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
 
I got past the error I posted above by entering the following commands, but I have no Internet access now:

------------------------------------------
interface fa0
no ip nat inside
exit
exit
clear ip nat tran *
conf term
ip nat inside source list 1 pool DSL overload
interface fa0
ip nat inside
------------------------------------------

Now my config looks like this:

Building configuration...

Current configuration : 2885 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname nj-rtr
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip source-route
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
no ip bootp server
!
!
!
!
interface Ethernet0
ip address 10.4.3.3 255.255.255.0
ip nat outside
ip virtual-reassembly
half-duplex
!
interface FastEthernet0
description to NetJam LAN
ip address 12.158.72.30 255.255.255.248 secondary
ip address 192.168.0.1 255.255.255.0
ip helper-address 192.168.0.5
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache policy
ip policy route-map PBR
speed 100
!
interface Serial0
description to ATT T1
bandwidth 1536
ip address 206.121.216.162 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no keepalive
down-when-looped
service-module t1 remote-alarm-enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
ip nat pool NAT 12.158.72.25 12.158.72.30 netmask 255.255.255.248
ip nat pool DSL 10.4.3.3 10.4.3.3 netmask 255.255.255.248
ip nat inside source list 1 pool DSL overload
ip nat inside source static tcp 192.168.0.1 23 12.158.72.30 23 extendable
ip nat inside source static tcp 192.168.0.5 80 12.158.72.30 80 extendable
ip nat inside source static udp 192.168.0.5 80 12.158.72.30 80 extendable
ip nat inside source static tcp 192.168.0.11 3784 12.158.72.30 3784 extendable
ip nat inside source static udp 192.168.0.11 3784 12.158.72.30 3784 extendable
ip nat inside source static tcp 192.168.0.200 8082 12.158.72.30 8082 extendable
ip nat inside source static udp 192.168.0.11 20800 12.158.72.30 20800 extendable
ip nat inside source static udp 192.168.0.11 20810 12.158.72.30 20810 extendable
ip nat inside source static udp 192.168.0.11 28960 12.158.72.30 28960 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 12.158.72.0 0.0.0.255
access-list 1 permit 206.121.216.0 0.0.0.255
access-list 101 remark PBR and NAT ACL for ftp http https pop3 imap and flash
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 1935
access-list 101 deny ip any any
route-map PBR permit 10
match ip address 101
set ip next-hop 10.4.3.1
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

 
Is no one familiar with Policy based routing?
 
"I was instructed by another tech to enter the commands to make this possible."
Out of curiosity, what commands?
I just had back surgery 4 days ago...bear with me...hopped up on Oxy....whooooo
I will repost in a bit, visitors just walked in.

Burt
 
Is this an internet cafe? Why is there only one address in the NAT range for the DSL? Why two WAN links? Why PBR instead of QoS?

Burt
 
I think it's an internet cafe.

What I think he/she is trying to do is the following:

T1 for Hosted Services
DSL for Customers using the internet.

The secondary IP address on the inside interface is so customers can use the external IP to get to services hosted locally.




----------------------------------
Bill
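
The second configuration posted above has one dynamic NAT rule serving two outside interfaces. As an added example that is not part of any post in this thread and is not confirmed by it as the fix, this is a common IOS pattern that picks the translation by egress interface. The route-map names NAT-T1 and NAT-DSL are assumptions; the interfaces, pool NAT, ACL 1 and route-map PBR are the poster's.

```cisco
! Added example, not from the thread.
! NAT-T1 and NAT-DSL are assumed names; everything else is from the posted config.
!
! As posted, a single list-based rule translates every ACL 1 source to the
! same pool regardless of which outside interface the packet leaves by:
!   ip nat inside source list 1 pool DSL overload
! Traffic that PBR does not match still follows the default route out Serial0,
! but it is translated to 10.4.3.3, a private address on the T1 side.
!
! Clear active translations first (as the poster did), otherwise the removal
! is rejected with "%Dynamic mapping in use, cannot change".
no ip nat inside source list 1 pool DSL overload
!
! One route-map per outside interface: same inside sources, different egress.
route-map NAT-T1 permit 10
 match ip address 1
 match interface Serial0
!
route-map NAT-DSL permit 10
 match ip address 1
 match interface Ethernet0
!
! T1-bound traffic keeps the public pool; DSL-bound traffic overloads on
! the Ethernet0 address (10.4.3.3), so no separate DSL pool is needed.
ip nat inside source route-map NAT-T1 pool NAT overload
ip nat inside source route-map NAT-DSL interface Ethernet0 overload
!
! Checks from exec mode after generating test traffic:
!   show ip nat translations   (inside global should differ per egress)
!   show route-map PBR         (policy routing match counters)
!   show ip policy             (confirms PBR is bound to FastEthernet0)
```

The static `extendable` entries and the PBR route-map itself are left untouched; only the dynamic rule changes.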
 