I have an 1841 with
one adsl interface pointing to the internet to isp1
I have Fa0/1 pointing to isp2
I have one lan interface fa0/0
with ip address 10.1.1.254
Presently I only have one Static nat for
an inside address of 10.1.1.1 which nats to a public address & proxies for mail & PPTP (The 10.1.1.1 is an ISA SERVER). I want to configure PBR so that mail goes to PPTP goes through isp1 & all other traffic through isp2
I have used the following route-maps in an attempt to do this.
ip nat inside source static 10.1.1.1 194.72.X.X route-map outside_nat1 (new nat for VPN)
ip nat inside source static 10.1.1.1 217.36.X.X route-map outside_nat2
(new nat for all other traffic)
route-map outside_nat1 permit 10
match ip address 101
set default interface FastEthernet0/1
access-list 101 permit tcp host 10.1.1.1 eq 1723 any
access-list 101 permit gre host 10.1.1.1 any
route-map outside_nat2 permit 10
match ip address 102
set default interface Dialer0
access-list 102 deny tcp host 10.1.1.1 eq 1723 any
access-list 102 deny gre host 10.1.1.1 any
Interface FastEthernet0/0
ip policy route-map vpn_only
route-map vpn_only permit 10
match ip address 110
set default interface FastEthernet0/1
access-list 110 permit tcp host 10.1.1.1 eq 1723 any
access-list 110 permit gre host 10.1.1.1 any
Using this configuration I can still collect mail from ISP1, but when I try to make the connection for the remote access PPTP vpn via isp2 I can see a nat translation for the address but no GRE connection info & the vpn won't work.
for example, before employing PBR i see the following translations when connected to the vpn
#show ip nat translations
tcp 217.36.X.X:1723 10.1.1.1:1723 195.200.x.x:1485 195.200.x.x:1485
gre 217.36.x.x:7576 10.1.1.1:7576 195.200.x.x:7576 195.200.X.x:7576
gre 217.36.X.X:32768 10.1.1.1:32768 195.200.X.X:32768 195.200.X.X:32768
This includes 1723 for pptp & an entry for gre, however when I use the PBR I only see TCP connection including 1723 for the PPTP, but NO GRE translation. How do I get this to work?
one adsl interface pointing to the internet to isp1
I have Fa0/1 pointing to isp2
I have one lan interface fa0/0
with ip address 10.1.1.254
Presently I only have one Static nat for
an inside address of 10.1.1.1 which nats to a public address & proxies for mail & PPTP (The 10.1.1.1 is an ISA SERVER). I want to configure PBR so that mail goes to PPTP goes through isp1 & all other traffic through isp2
I have used the following route-maps in an attempt to do this.
ip nat inside source static 10.1.1.1 194.72.X.X route-map outside_nat1 (new nat for VPN)
ip nat inside source static 10.1.1.1 217.36.X.X route-map outside_nat2
(new nat for all other traffic)
route-map outside_nat1 permit 10
match ip address 101
set default interface FastEthernet0/1
access-list 101 permit tcp host 10.1.1.1 eq 1723 any
access-list 101 permit gre host 10.1.1.1 any
route-map outside_nat2 permit 10
match ip address 102
set default interface Dialer0
access-list 102 deny tcp host 10.1.1.1 eq 1723 any
access-list 102 deny gre host 10.1.1.1 any
Interface FastEthernet0/0
ip policy route-map vpn_only
route-map vpn_only permit 10
match ip address 110
set default interface FastEthernet0/1
access-list 110 permit tcp host 10.1.1.1 eq 1723 any
access-list 110 permit gre host 10.1.1.1 any
Using this configuration I can still collect mail from ISP1, but when I try to make the connection for the remote access PPTP vpn via isp2 I can see a nat translation for the address but no GRE connection info & the vpn won't work.
for example, before employing PBR i see the following translations when connected to the vpn
#show ip nat translations
tcp 217.36.X.X:1723 10.1.1.1:1723 195.200.x.x:1485 195.200.x.x:1485
gre 217.36.x.x:7576 10.1.1.1:7576 195.200.x.x:7576 195.200.X.x:7576
gre 217.36.X.X:32768 10.1.1.1:32768 195.200.X.X:32768 195.200.X.X:32768
This includes 1723 for pptp & an entry for gre, however when I use the PBR I only see TCP connection including 1723 for the PPTP, but NO GRE translation. How do I get this to work?
