03-02-2004 02:45 AM - edited 03-02-2019 01:57 PM
Hi all,
This command appears to be missing from the new Cisco SOHO 97-K9 ADSL routers:
route-map nonat permit 10
The SOHO 97-K9 apparently supersedes the SOHO77H on which this command was previously available.
This command is apparently required to except the private network and VPN clients from the NAT process.
We are using these routers for VPN/FW and internet access.
Config as follows:
Current configuration : 2655 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname *****
!
enable secret 5 *****
!
ip subnet-zero
ip name-server *****
!
!
no aaa new-model
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0 ***** address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group *****
 key 0 *****
 dns *****
 domain *****
 pool VPNPOOL
 acl 110
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 description MY ISP
 ip address ***** 255.255.255.0
 ip access-group 199 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname *****
 ppp chap password 7 *****
 ppp pap sent-username ***** password 7 *****
 crypto map clientmap
!
ip local pool VPNPOOL 172.1.1.1 172.1.1.10
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip access-list logging interval 2
access-list 1 permit *****
access-list 110 deny ip 192.168.10.0 0.0.0.255 172.1.1.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 172.1.1.0 0.0.0.255 any
access-list 199 permit tcp any host ***** eq 500
access-list 199 permit udp any host ***** eq isakmp
access-list 199 permit tcp any any eq www
access-list 199 permit tcp any any eq smtp
access-list 199 permit tcp any any eq pop3
access-list 199 permit tcp any host 192.168.10. ***** eq 5631
access-list 199 permit tcp any host 192.168.10. ***** eq 5632
access-list 199 permit tcp any host 192.168.10. ***** eq 9976
access-list 199 permit tcp any host 192.168.10. ***** eq 9977
access-list 199 permit tcp any host 192.168.10. ***** eq 2000
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
 exec-timeout 120 0
 password 7 *****
 logging synchronous
 login
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 120 0
 password *****
 logging synchronous
 login
!
scheduler max-task-time 5000
!
end
Could anyone offer any advice to resolve this issue please?
Many thanks in advance.
Mick
03-08-2004 07:29 AM
I am assuming that you are specifically asking why "route-map nonat permit 10" is not in the new router configuration. In this command, "nonat" is just the name of the route-map, and you need to create it manually from global configuration mode.
Example:
R1>enable
R1#conf t
R1(config)#route-map ?
Here it asks you to enter the name of the route-map.
Alternatively, if you meant that the "route-map" command is not supported at all, then the problem might be with the IOS image, not the hardware. Try upgrading to a new image.
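The route-map the reply describes, written out against the addressing in the posted configuration, as an added example that is not part of the original thread. ACL number 120 is an assumption chosen for illustration, and the fragment assumes the installed IOS image accepts the route-map command, which is the open question in this thread.

```cisco
! Added example, not from the original posts. ACL 120 is a hypothetical number.
! Traffic from the LAN to the VPN client pool must not be translated;
! everything else from the LAN is translated as before.
access-list 120 deny   ip 192.168.10.0 0.0.0.255 172.1.1.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 any
!
! "nonat" is only a name; the route-map exists once this is entered.
route-map nonat permit 10
 match ip address 120
!
! Replace the list-based overload rule with the route-map-based one.
! If IOS refuses to remove the old rule because translations are in use,
! run "clear ip nat translation *" from exec mode first.
no ip nat inside source list 1 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload
!
! Verify from exec mode:
!   show route-map nonat
!   show ip nat translations
```

With a VPN client connected, traffic between 192.168.10.0/24 and the 172.1.1.x pool should create no entries in the translation table, while LAN traffic to the internet still does.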