Solved: Re: help with ip route

flippedmedia1 · ‎08-04-2005

Hi,

We are having problems routing our 192.168 addresses to the internet. When we add a default route it works fine but pushes out through that default route. Any ideas on what we are doing wrong? We have tried 100 things but nothing seems to work:

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname gw

!

ip cef

ip audit notify log

ip audit po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

!

interface FastEthernet0/0

description 10Mbps Connection 1

ip address 64.1.147.2 255.255.255.0

ip nat outside

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

no cdp enable

!

interface FastEthernet0/1

description 10Mbps Connection 2

ip address 64.2.22.166 255.255.255.252

ip nat outside

no ip route-cache

no ip mroute-cache

speed 10

full-duplex

no cdp enable

!

interface FastEthernet1/1

ip address 192.168.101.1 255.255.255.224 secondary

ip address 192.168.101.33 255.255.255.224 secondary

ip address 192.168.101.65 255.255.255.224 secondary

ip address 192.168.101.97 255.255.255.224 secondary

ip address 192.168.101.129 255.255.255.224 secondary

ip address 192.168.101.161 255.255.255.224 secondary

ip address 192.168.101.193 255.255.255.224 secondary

ip address 192.168.100.1 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

no cdp enable

!

ip nat inside source static 192.168.101.2 62.100.551

ip nat inside source static 192.168.101.3 62.100.552

ip nat inside source static 192.168.101.4 62.100.553

ip nat inside source static 192.168.101.5 62.100.554

ip nat inside source static 192.168.101.6 62.100.555

ip nat inside source static 192.168.101.34 62.100.556

ip nat inside source static 192.168.101.35 62.100.557

ip nat inside source static 192.168.101.36 62.100.558

ip nat inside source static 192.168.101.37 62.100.559

ip nat inside source static 192.168.101.38 62.100.5510

ip nat inside source static 192.168.101.66 62.100.5511

ip nat inside source static 192.168.101.67 62.100.5512

ip nat inside source static 192.168.101.68 62.100.5513

ip nat inside source static 192.168.101.69 62.100.5514

ip nat inside source static 192.168.101.70 62.100.5515

ip nat inside source static 192.168.101.98 62.100.5516

ip nat inside source static 192.168.101.99 62.100.5517

ip nat inside source static 192.168.101.100 62.100.5518

ip nat inside source static 192.168.101.101 62.100.5519

ip nat inside source static 192.168.101.102 62.100.5520

ip nat inside source static 192.168.101.130 62.100.5521

ip nat inside source static 192.168.101.131 62.100.5522

ip nat inside source static 192.168.101.132 62.100.5523

ip nat inside source static 192.168.101.133 62.100.5524

ip nat inside source static 192.168.101.134 62.100.5525

ip nat inside source static 192.168.100.201 62.100.5527

ip nat inside source static 192.168.100.151 62.100.5528

ip nat inside source static 192.168.100.216 64.1.147.216

ip nat inside source static 192.168.100.121 62.100.5529

ip nat inside source static 192.168.100.200 62.100.5530

ip nat inside source static 192.168.101.205 62.100.5526

no ip http server

no ip http secure-server

ip classless

no ip route static inter-vrf

ip route 192.168.100.0 255.255.255.0 64.2.22.165

ip route 192.168.101.0 255.255.255.224 64.1.147.1

ip route 192.168.101.32 255.255.255.224 64.1.147.1

ip route 192.168.101.64 255.255.255.224 64.1.147.1

ip route 192.168.101.96 255.255.255.224 64.1.147.1

ip route 192.168.101.128 255.255.255.224 64.1.147.211

ip route 192.168.101.160 255.255.255.224 64.1.147.211

ip route 192.168.101.192 255.255.255.224 64.2.22.165

!

snmp-server community 7fmiow55 RW 20

snmp-server enable traps tty

!

line con 0

line aux 0

line vty 0 3

line vty 4

transport input ssh

!

end

Thanks

shijogeorge · ‎08-04-2005

Hi,

You can't use static routes for doing source based routing.

Try route maps as follows.

access-list xx permit ip 192.168.101.0 0.0.0.127 any

access-list yy permit ip 192.168.101.128 0.0.0.61 any

access-list zz permit ip 192.168.100.0 0.0.0.255 any

access-list zz permit ip 192.168.101.192 0.0.0.31 any

route-map internet permit 10

match ip address xx

set ip next-hop 64.1.147.1

route-map internet permit 20

match ip address yy

set ip next-hop 64.1.147.211

route-map internet permit 30

match ip address zz

set ip next-hop 64.2.22.165

interface FastEthernet1/1

ip policy route-map internet

HTH

Regards,

Shijo George.

View solution in original post

antonyjaison · ‎08-04-2005

Hi,

Please understand the syntax for ip route command. You have to secify the destination addresses in ip route commands not your inside source network. I can see that 198.168.100.* and 198.168.101.* are your inside networks. Remove all the static routes which you added now and add a single default route to internet( because we don't know destination networks which we are going to access in intrenet). Your purpose will be solved with a default route itself..

Jaison

flippedmedia1 · ‎08-04-2005

Jaison,

We need static routes to specify using two different ISPs for different types of traffic. We want certain subnets to push out on one interface, and other's to push on another interface.

Can you expand on why this isn't working for us with our current config?

Thanks a lot.

shijogeorge · ‎08-04-2005

Hi,

You can't use static routes for doing source based routing.

Try route maps as follows.

access-list xx permit ip 192.168.101.0 0.0.0.127 any

access-list yy permit ip 192.168.101.128 0.0.0.61 any

access-list zz permit ip 192.168.100.0 0.0.0.255 any

access-list zz permit ip 192.168.101.192 0.0.0.31 any

route-map internet permit 10

match ip address xx

set ip next-hop 64.1.147.1

route-map internet permit 20

match ip address yy

set ip next-hop 64.1.147.211

route-map internet permit 30

match ip address zz

set ip next-hop 64.2.22.165

interface FastEthernet1/1

ip policy route-map internet

HTH

Regards,

Shijo George.

flippedmedia1 · ‎08-05-2005

That worked great!

1 more question:

From 192.168.100.xxx we can't ping 192.168.101.xxx but we can ping the gateway. From 192.168.101.xxx we can ping any 192.168.100.xxx host.

How can we ping and talk to both networks?

Thanks!

antonyjaison · ‎08-04-2005

Hi,

Either you can define a access-list with source and destination ports and apply it on your outside interfaces or you can do a dynamic NATing and filter the souce addresses with a access-list.

Jaison

steveo123 · ‎08-04-2005

have you tryed adding 2 default routes with equal metrics, one pointing to ISP A and the other pointing to ISP B. and then specify two different NAT pool list depending on what type of traffic or ip addresses you need utilized with which ISP.

ip nat inside source list ISP A (specify the ip address you want)

ip nat inside source list ISP B (specify the ip addresses)

add the access lists to allow hosts

ip nat outside source list 1 pool ISP A (add-route)

ip nat outside source list 2 pool ISP B (add-route)

Regards,

steve

s