I don't really like that

Yura Kazakevich · ‎12-30-2015

Hello everyone. May be somebody can help me. I have router c892 (C890 Software (C890-UNIVERSALK9-M), Version 15.4(3)M4, RELEASE SOFTWARE (fc1)) with to uplinks: ISP1 (gi0) for Internet and ISP2 (fa8) to another network (10.0.0.0/8).

I tried to use PBR with match interface option, but no success (traffic from my Server 192.168.3.11 to the host 10.1.11.30 has been nated to the ISP1 WAN IP).

My config in attach (real internet IPs were changed).

Please help.

Philip D'Ath · ‎12-30-2015

I don't really like that route notation for a normal Ethernet. Try changing:

ip route 10.0.0.0 255.0.0.0 FastEthernet8

to have a proper next hop of:

ip route 10.0.0.0 255.0.0.0 10.1.36.125

Is FastEthernet8 definitely up?

The other thought going through my mind is their is already a translation entry in the cache. Try doing a:

clear ip nat ranslation *

Philip D'Ath · ‎12-30-2015

You could also try changing:

ip nat inside source list 102 pool to-bft overload

for:

ip nat inside source list 102 interface FastEthernet8 overload

and see if that has any impact. I'm not sure if using a pool with 1 single IP address equal to your interface IP is valid.

Yura Kazakevich · ‎12-30-2015

Hi guys! Thanks for your replies. I already found my mistake. It was ACL 102. I specified incorrect wildcard for subnet 10.0.0.0.

When I fixed ACL 102 everything worked. Here is correct config:

access-list 102 permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 deny ip any any

route-map SDM_RMAP_TO_BFT permit 10
match ip address 102
match interface FastEthernet8
!
route-map SDM_RMAP_1 permit 10
match ip address 101
match interface GigabitEthernet0

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0 overload
ip nat inside source route-map SDM_RMAP_TO_BFT interface FastEthernet8 overload

ip route 10.0.0.0 255.0.0.0 10.1.36.125

ip route 0.0.0.0 0.0.0.0 194.194.194.1 permanent

Cisco router 892 with two uplinks