09-24-2019 06:55 AM
Current configuration : 2363 bytes
!
! Last configuration change at 21:17:11 UTC Tue Sep 24 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
track 10 ip sla 10 reachability
delay down 5 up 5
!
track 20 ip sla 20 reachability
delay down 5 up 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.55.2 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.56.2 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.252
ip nat inside
ip policy route-map LOCAL
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 1
network 192.168.12.0 0.0.0.3 area 0
network 192.168.55.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!
ip nat inside source route-map ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP2 interface FastEthernet0/1 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.55.1 track 10
ip route 0.0.0.0 0.0.0.0 192.168.56.1 track 20
!
ip access-list extended LAN
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
permit ip 192.168.12.0 0.0.0.3 any
ip access-list extended NET1
permit ip any any
ip access-list extended NET2
permit ip any any
!
ip sla 10
icmp-echo 192.168.55.1
frequency 5
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 192.168.56.1
frequency 5
ip sla schedule 20 life forever start-time now
!
route-map LOCAL permit 30
set ip next-hop verify-availability 192.168.55.1 10 track 10
set ip next-hop verify-availability 192.168.56.1 20 track 20
!
route-map ISP2 permit 10
match ip address NET2
match interface FastEthernet0/1
!
route-map ISP1 permit 10
match ip address NET1
match interface FastEthernet0/0
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
09-26-2019 02:50 AM
Hi,
An ACL "Permit IP any any" is not supported so it is advised to change it with specific subnets as
permit 192.168.1.0 0.0.0.255 any
09-25-2019 08:20 AM
Hello
@BEASTMODE wrote:
When I changed the route-map ISP1 configuration. The OSPF is working well. Can you explain why? Thanks
ACL LIST
ip access-list extended LAN
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
permit ip 192.168.12.0 0.0.0.3 any
ip access-list extended NET1
permit ip any any
Acls for Nat using permit ip any any are not supported
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide