Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Policy based routing/Load balancing over 2 DSL lines

Status
Not open for further replies.

superduperlopez

Technical User
Mar 21, 2006
32
GB
Hi, need some help with this please...

I have a router 2600 series which has 2 DSL lines out (2 Dialers) and 1 Fast Ethernet interface in with many sub-interfaces. The sub-interfaces represent the many companies that are inside this big building....

The second Dialer (Dialer2) is not being used at the moment so...

Ideally, what I would like to do is to to establish some Policy Based Routing so I can decide what company (sub-interface) goes out of what DSL line.....to achieve this I tried something like the following...

route-map OutDialer2 permit 10
match ip address X X X
set interface OutDialer2

interface fa0/0.161
ip policy route-map OutDialer2

But this does not seem to work. I wonder if it is because all the NATting that the router is doing....Does the traffic needs to come back in through the same Dialer that it went out?
Do I have to get rid of the default route 0.0.0.0 0.0.0.0 Dialer1???..... OR do I have to have two default routes one for Dialer1 and one for Dialer2 ????????

Would it be easier to apply some kind of load balancing over the two Dialers instead of using Policy Based Routing??

Any help will be very much appreciated
P.S.....I will put the configuration on the next post...
 
!
! Last configuration change at 12:23:14 UTC Thu Apr 6 2006 by crucial
! NVRAM config last updated at 14:17:05 UTC Wed Feb 15 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname TEST_router
!
boot system flash:c2600-ik8o3s-mz.122-11.T.bin
logging buffered 51200 warnings
enable secret 5
enable password 7
!
username TEST1 privilege 7 password 7
username TEST2 privilege 7 password 7
username TEST3 privilege 15 password 7
username TEST4 privilege 7 password 7
username TEST5 privilege 15 password 7
username TEST6 privilege 7 password 7
ip subnet-zero
!
!
ip ftp username TEST7
ip ftp password 7
ip dhcp excluded-address 192.168.87.1 192.168.97.2
!
ip dhcp pool TEST
network 192.168.97.0 255.255.255.0
default-router 192.168.97.2
dns-server 154.154.4.44
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
class-map match-all class129
match access-group 129
class-map match-all class130
match access-group 130
class-map match-all class131
match access-group 131
class-map match-all class86
match access-group 186
class-map match-all class68
match access-group 168
class-map match-all class87
match access-group 187
class-map match-all class84
match access-group 184
class-map match-all class85
match access-group 185
class-map match-all class94
match access-group 194
class-map match-all class82
match access-group 182
class-map match-all class83
match access-group 183
class-map match-all class81
match access-group 181
class-map match-all class61
match access-group 161
class-map match-all class62
match access-group 162
class-map match-all class63
match access-group 163
class-map match-all class64
match access-group 164
class-map match-all class98
match access-group 198
!
!
policy-map policing
class class81
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class82
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class83
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class84
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class85
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class86
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class61
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class62
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class63
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class64
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class68
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class129
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class130
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class131
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class94
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class98
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key TEST address 82.72.172.52
crypto isakmp key TEST2 address 82.62.122.192
!
!
crypto ipsec transform-set TEST esp-des esp-md5-hmac
crypto ipsec transform-set TEST2 esp-des esp-md5-hmac
!
crypto map combinedmap 1 ipsec-isakmp
set peer 82.72.172.52
set transform-set TEST
match address 131
crypto map combinedmap 2 ipsec-isakmp
set peer 82.62.122.192
set transform-set TEST2
match address 111
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 192.168.71.1 255.255.255.0
!
interface ATM0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
no fair-queue
!
interface FastEthernet0/0
description $ETH-LAN$Main LAN Connection
no ip address
no ip mroute-cache
ip policy route-map route-nat
speed auto
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.70.1 255.255.255.0
ip policy route-map route-nat
!
interface FastEthernet0/0.22
ip policy route-map route-nat
!
interface FastEthernet0/0.24
ip policy route-map route-nat
!
interface FastEthernet0/0.61
encapsulation dot1Q 61
ip address 192.168.61.1 255.255.255.0
ip nat inside
ip policy route-map natcorrs
!
interface FastEthernet0/0.62
encapsulation dot1Q 62
ip address 192.168.62.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.63
encapsulation dot1Q 63
ip address 192.168.63.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.64
encapsulation dot1Q 64
ip address 192.168.64.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.68
encapsulation dot1Q 68
ip address 192.168.68.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.81
encapsulation dot1Q 81
ip address 192.168.81.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.82
encapsulation dot1Q 82
ip address 192.168.82.1 255.255.255.0
ip nat inside
rate-limit input 1000000 100000 200000 conform-action continue exceed-action drop
ip policy route-map route-nat
!
interface FastEthernet0/0.83
encapsulation dot1Q 83
ip address 192.168.83.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.84
encapsulation dot1Q 84
ip address 192.168.84.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.85
encapsulation dot1Q 85
ip address 192.168.85.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.86
encapsulation dot1Q 86
ip address 192.168.86.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.87
encapsulation dot1Q 87
ip address 192.168.87.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.88
encapsulation dot1Q 88
ip address 192.168.88.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.89
encapsulation dot1Q 89
ip address 192.168.89.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.90
encapsulation dot1Q 90
ip address 192.168.90.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.91
encapsulation dot1Q 91
ip address 192.168.91.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.92
encapsulation dot1Q 92
ip address 192.168.92.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.93
encapsulation dot1Q 93
ip address 192.168.93.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.94
encapsulation dot1Q 94
ip address 192.168.94.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.95
encapsulation dot1Q 95
ip address 192.168.95.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.98
encapsulation dot1Q 98
ip address 192.168.98.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.99.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.100
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.129
encapsulation dot1Q 129
ip address 192.168.129.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.130
description UNUSED
encapsulation dot1Q 130
ip address 192.168.130.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.131
description UNUSED
encapsulation dot1Q 131
ip address 192.168.131.1 255.255.255.0
ip nat inside
ip policy route-map route-nat
!
interface FastEthernet0/0.200
description Public IP addresses - not NATed
encapsulation dot1Q 200
ip address 88.98.38.78 255.255.255.240
!
interface ATM0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
dsl operating-mode auto
no fair-queue
!
interface FastEthernet0/1
ip address 192.168.97.2 255.255.255.0
ip access-group sdm_fastethernet0/1_in in
ip nat inside
no ip mroute-cache
speed auto
full-duplex
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool pptp
ppp encrypt mppe 40
ppp authentication ms-chap
!
interface Dialer1
ip address 88.98.38.98 255.255.255.240
ip access-group 150 in
ip access-group sdm_dialer1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
service-policy output policing
ppp authentication chap pap callin
ppp chap hostname test54321@test
ppp chap password 7
ppp ipcp dns request
crypto map combinedmap
hold-queue 224 in
!
interface Dialer2
ip address 82.92.72.22 255.255.255.248
ip access-group 150 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 2
dialer-group 2
service-policy output policing
ppp authentication chap pap callin
ppp chap hostname test98765@test
ppp chap password 7
ppp ipcp dns request
crypto map combinedmap
hold-queue 224 in
!
ip local pool pptp 192.168.72.75 192.168.72.180
ip nat inside source route-map natcorrs interface Dialer1 overload
ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static 192.168.83.2 82.70.157.153 extendable
ip nat inside source static udp 192.168.86.10 110 82.77.157.157 110 extendable
ip nat inside source static udp 192.168.86.10 25 82.77.157.157 25 extendable
ip nat inside source static tcp 192.168.86.10 80 82.77.157.157 80 extendable
ip nat inside source static tcp 192.168.86.10 443 82.77.157.157 443 extendable
ip nat inside source static tcp 192.168.90.20 80 82.77.157.157 80 extendable
ip nat inside source static tcp 192.168.90.20 443 82.77.157.157 443 extendable
ip nat inside source static tcp 192.168.90.20 157 82.77.157.157 157 extendable
ip nat inside source static tcp 192.168.90.20 158 82.77.157.157 158 extendable
ip nat inside source static tcp 192.168.90.20 1723 82.77.157.157 1723 extendable
ip nat inside source static tcp 192.168.99.2 25 82.77.157.157 25 extendable
ip nat inside source static tcp 192.168.98.2 1723 82.77.157.157 1723 extendable
ip nat inside source static 192.168.83.2 88.96.38.91 extendable
ip nat inside source static udp 192.168.86.10 110 88.98.38.98 110 extendable
ip nat inside source static udp 192.168.86.10 25 88.98.38.98 25 extendable
ip nat inside source static tcp 192.168.68.2 25 88.98.38.98 25 extendable
ip nat inside source static tcp 192.168.86.10 80 88.98.38.98 80 extendable
ip nat inside source static tcp 192.168.86.10 443 88.98.38.98 443 extendable
ip nat inside source static tcp 192.168.90.20 80 88.98.38.88 80 extendable
ip nat inside source static tcp 192.168.90.20 443 88.98.38.88 443 extendable
ip nat inside source static tcp 192.168.90.20 157 88.98.38.88 157 extendable
ip nat inside source static tcp 192.168.90.20 158 88.98.38.88 158 extendable
ip nat inside source static tcp 192.168.90.20 1723 88.98.38.88 1723 extendable
ip nat inside source static tcp 192.168.99.2 25 88.98.38.88 28 extendable
ip nat inside source static tcp 192.168.98.2 1723 88.98.38.88 1723 extendable
ip nat inside source static tcp 192.168.94.104 5003 88.98.38.88 5003 extendable
ip nat inside source static udp 192.168.94.104 5003 88.98.38.88 5003 extendable
ip nat inside source static tcp 192.168.61.200 5900 88.98.38.88 5900 extendable
ip nat inside source static tcp 192.168.61.201 1723 88.98.72.28 1723 extendable
ip nat inside source static tcp 192.168.61.201 3389 88.98.72.28 3389 extendable
ip nat inside source static udp 192.168.61.201 1701 88.98.72.28 1701 extendable
ip nat inside source static tcp 192.168.61.201 1723 88.98.38.981723 extendable
ip nat inside source static tcp 192.168.61.201 3389 88.98.38.98 3389 extendable
ip nat inside source static udp 192.168.61.201 1701 88.98.38.98 1701 extendable
ip nat inside source static 192.168.61.201 88.98.38.98 extendable
ip nat inside source static tcp 192.168.130.10 25 88.98.38.88 25 extendable
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
!
!
ip access-list extended sdm_dialer1_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
permit ip any any
!
access-list 100 permit ip 192.168.97.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 100 deny ip 192.168.97.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.97.0 0.0.0.255 any
access-list 101 deny ip 192.168.71.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.71.0 0.0.0.255 any
access-list 102 deny ip 192.168.72.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.72.0 0.0.0.255 any
access-list 110 permit ip 192.168.100.0 0.0.0.255 host 192.168.97.1
access-list 110 permit ip 192.168.100.0 0.0.0.255 host 192.168.97.3
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
access-list 111 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 129 permit ip 192.168.129.0 0.0.0.255 host 192.168.97.1
access-list 129 permit ip 192.168.129.0 0.0.0.255 host 192.168.97.3
access-list 129 deny ip 192.168.129.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.129.0 0.0.0.255 any
access-list 130 deny ip 192.168.130.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 130 permit ip 192.168.130.0 0.0.0.255 any
access-list 131 permit ip 192.168.84.0 0.0.0.255 89.0.9.0 0.0.0.255
access-list 131 deny ip 192.168.131.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 131 permit ip 192.168.131.0 0.0.0.255 any
access-list 150 permit tcp host 62.8.228.8 host 88.98.38.98 eq 1723 log
access-list 150 permit tcp host 62.8.228.8 host 88.98.38.98 eq 3389 log
access-list 150 permit udp host 62.8.228.8 host 88.98.38.98 eq 1701 log
access-list 150 permit tcp host 62.8.228.8 host 88.98.38.98 eq access-list 150 permit gre host 62.8.228.8 host 88.98.38.98 log
access-list 150 permit tcp host 213.207.117.117 host 88.98.38.98 eq 1723 log
access-list 150 permit tcp host 213.207.117.117 host 88.98.38.98 eq 3389 log
access-list 150 permit udp host 213.207.117.117 host 88.98.38.98 eq 1701 log
access-list 150 permit tcp host 213.207.117.117 host 88.98.38.98 eq access-list 150 permit gre host 213.207.117.117 host 88.98.38.98 log
access-list 150 permit tcp host 82.67.228.117 host 88.98.38.98 eq 1723 log
access-list 150 permit tcp host 82.67.228.117 host 88.98.38.98 eq 3389 log
access-list 150 permit udp host 82.67.228.117 host 88.98.38.98 eq 1701 log
access-list 150 permit tcp host 82.67.228.117 host 88.98.38.98 eq access-list 150 permit gre host 82.67.228.117 host 88.98.38.98 log
access-list 150 permit tcp any eq domain host 88.98.38.98 log
access-list 150 permit udp any eq domain host 88.98.38.98 log
access-list 150 permit icmp any any echo-reply
access-list 150 permit tcp any eq 88.98.38.98 log
access-list 150 permit tcp any eq smtp host 88.98.38.98 log
access-list 150 deny ip any host 88.98.38.98 log
access-list 150 permit ip any any
access-list 161 permit ip 192.168.61.0 0.0.0.255 host 192.168.97.1
access-list 161 permit ip 192.168.61.0 0.0.0.255 host 192.168.97.3
access-list 161 deny ip 192.168.61.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 161 permit ip 192.168.61.0 0.0.0.255 any
access-list 162 permit ip 192.168.62.0 0.0.0.255 host 192.168.97.1
access-list 162 deny ip 192.168.62.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 162 permit ip 192.168.162.0 0.0.0.255 any
access-list 163 permit ip 192.168.63.0 0.0.0.255 host 192.168.97.1
access-list 163 deny ip 192.168.63.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 163 permit ip 192.168.63.0 0.0.0.255 any
access-list 164 permit ip 192.168.64.0 0.0.0.255 host 192.168.97.1
access-list 164 permit ip 192.168.64.0 0.0.0.255 host 192.168.97.3
access-list 164 deny ip 192.168.64.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 164 permit ip 192.168.64.0 0.0.0.255 any
access-list 168 permit ip 192.168.68.0 0.0.0.255 host 192.168.97.1
access-list 168 deny ip 192.168.68.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 168 permit ip 192.168.68.0 0.0.0.255 any
access-list 181 deny ip 192.168.81.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 181 permit ip 192.168.81.0 0.0.0.255 any
access-list 182 deny ip 192.168.82.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 182 permit ip 192.168.82.0 0.0.0.255 any
access-list 183 deny ip 192.168.83.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 183 permit ip 192.168.83.0 0.0.0.255 any
access-list 184 deny ip 192.168.84.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 184 deny ip 192.168.84.0 0.0.0.255 89.0.9.0 0.0.0.255
access-list 184 permit ip 192.168.84.0 0.0.0.255 any
access-list 185 deny ip 192.168.85.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 185 permit ip 192.168.85.0 0.0.0.255 any
access-list 186 permit ip 192.168.86.0 0.0.0.255 host 192.168.97.1
access-list 186 deny ip 192.168.86.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 186 permit ip 192.168.86.0 0.0.0.255 any
access-list 187 deny ip 192.168.87.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 187 permit ip 192.168.87.0 0.0.0.255 any
access-list 188 deny ip 192.168.88.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 188 permit ip 192.168.88.0 0.0.0.255 any
access-list 189 deny ip 192.168.89.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 189 permit ip 192.168.89.0 0.0.0.255 any
access-list 190 deny ip 192.168.90.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 190 permit ip 192.168.90.0 0.0.0.255 any
access-list 191 deny ip 192.168.91.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 191 permit ip 192.168.91.0 0.0.0.255 any
access-list 192 deny ip 192.168.92.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 192 permit ip 192.168.92.0 0.0.0.255 any
access-list 193 deny ip 192.168.93.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 193 permit ip 192.168.93.0 0.0.0.255 any
access-list 194 deny ip 192.168.94.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 194 permit ip 192.168.94.0 0.0.0.255 any
access-list 195 deny ip 192.168.95.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 195 permit ip 192.168.95.0 0.0.0.255 any
access-list 198 deny ip 192.168.98.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 198 permit ip 192.168.98.0 0.0.0.255 any
access-list 199 deny ip 192.168.99.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 199 permit ip 192.168.99.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map natcorrs permit 10
match ip address 161
!
route-map nonat permit 10
match ip address 100 101 102 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 162 163 168 19 110 164 198 199 129 130 131 161
!
snmp-server community public RO
snmp-server enable traps tty
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
speed 57600
line aux 0
modem InOut
modem autoconfigure discovery
transport input telnet ssh
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
password 7
logging synchronous
login local
transport input telnet ssh
!
ntp clock-period 17180259
ntp server 139.89.209.49
!
end
 
i dont see your route-nat route-map defined anywhere...
 
Hi,

You are right. I am not very sure about why they've put that "route-map route-nat" on all the sub-interfaces....as it stands right now, it doesn't seem to be doing anything as this route-map does not seem to be configured anywhere...

Sorry, forgot to mention, I didn't do this configuration. This is the configuration as it has been given to me...my task is to make use of both DSL lines
 
The route map itself seems invalid:

route-map OutDialer2 permit 10
match ip address X X X
set interface OutDialer2

interface fa0/0.161
ip policy route-map OutDialer2

The set interface line under Permit 10 should point to one of your physical or logical interfaces. This is not a valid interface type. Admittedly it's likely just a typo but the following makes more sense:

route-map OutDialer2 permit 10
match ip address X X X
set interface Dialer2

interface fa0/0.161
ip policy route-map OutDialer2
 
Yes, you are right.......just a typo....my mistake....
the correct form would be

set interface Dialer2
or maybe .....set default interface Dialer2
 
1) The 'ip policy route-map route-nat' on the FastEth0/0 interface appears unnecessary.

2) The only route-map that I see both defined and applied is on interface FastEthernet0/0.61, 'natcorrs'

- However it is not defined correctly. Add a 'set ip next-hop 82.92.72.17' under route-map configuration mode to make traffic from fastheth0/0.61 go out dialer2

- I think will need a new NAT statment. You could remove "ip nat inside source route-map natcorrs interface Dialer1 overload" and add "ip nat inside source 161 interface Dialer2 overload
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top