04-18-2008 06:49 PM - edited 03-03-2019 09:37 PM
We have two routers: a Cisco 1721 and a Cisco 2620. Right now the 1721 is doing policy based routing to route traffic from a certain IP address (1.1.1.2) out a different internet link. If I put the exact same config on the 2620 router, traffic to the second link does not flow. Network traces show the routing and NAT working but the next hop (2.2.2.1) does not return the traffic. I can see the ARP request from 2.2.2.1 but the 2620 does not answer. Below is the relevant config of the 2620.
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.240
 ip nat inside
 ip policy route-map Policy1
interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.248
 ip nat outside
ip nat inside source static 1.1.1.2 2.2.2.3
ip route 2.2.2.0 255.255.255.248 2.2.2.1
access-list 2 permit 1.1.1.2
route-map Policy1 permit 10
 match ip address 2
 set ip next-hop 2.2.2.1
About the only thing different other than the router model is that the 1721 only has one Fast Ethernet interface on it so it has a 4-port Fast Ethernet Switch WAN Interface Card installed in it.
Any ideas on why this isn't working would be greatly appreciated!
04-18-2008 07:47 PM
Justin:
What's with the static route to 2.2.2.0/29? That's a directly connected network of interface fa0/1, so you don't need a static route.
If you do a sh ip ro 2.2.2.0, I'm sure the route will show as "directly connected" and your static route, with the higher AD of 1, won't be in the routing table anyway.
Also, 2.2.2.1 is ARPing for the 2.2.2.3 address (this is the new source address after the 1.1.1.2 address is NAT'ed) because it thinks the host is directly connected to its interface (same subnet), but it's not. This is why I believe the router is not replying to the ARP request for 2.2.2.3. It doesn't own the address, and doesn't have it in its ARP table.
Can you NAT to a different host address -- other than 2.2.2.3, perhaps even the 2.2.2.2 address?
Victor
04-20-2008 05:35 PM
That static route is not needed and no longer present. A case of not thinking clearly when I set this up 18 months ago.
The change of the static NAT to the IP address on Fa 0/1 worked.
Million dollar question...why would the VLAN interface on the 1721 have responded to the ARP request for 2.2.2.3?
Thanks for the suggestion and speedy reply. It is greatly appreciated!
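Added example, not part of the original thread: a small Python check for the condition described in the replies above, a static NAT global address that lies in the outside interface's connected subnet but is not the interface's own address, so the next hop ARPs for it and return traffic depends on the router answering. The function names are assumptions of this example, and the sample input is the posted 2620 config retyped.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
ADDR = re.compile(rf"ip address {IP} {IP}")
STATIC = re.compile(rf"^\s*ip nat inside source static {IP} {IP}\s*$", re.M)

# Constructed sample: the relevant 2620 config as posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.240
 ip nat inside
 ip policy route-map Policy1
interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.248
 ip nat outside
ip nat inside source static 1.1.1.2 2.2.2.3
"""

def outside_interfaces(config):
    """Return {interface name: IPv4Interface} for 'ip nat outside' interfaces."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and (m := ADDR.fullmatch(line)):
            cur["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif cur is not None and line == "ip nat outside":
            cur["outside"] = True
    return {n: i["addr"] for n, i in ifaces.items()
            if i.get("outside") and "addr" in i}

def find_arp_dependent_nat(config):
    """List (local, global, interface) for static NAT globals that share the
    outside subnet but are not the interface address itself."""
    findings = []
    outside = outside_interfaces(config)
    for m in STATIC.finditer(config):
        glob = ipaddress.ip_address(m[2])
        for name, iface in outside.items():
            if glob in iface.network and glob != iface.ip:
                findings.append((m[1], str(glob), name))
    return findings

if __name__ == "__main__":
    for local, glob, name in find_arp_dependent_nat(SAMPLE_CONFIG):
        print(f"{local} -> {glob}: next hop on {name} must get an ARP reply for {glob}")
```

Run against the config after the change reported in the thread (static NAT to 2.2.2.2, the Fa0/1 address), the check returns no findings.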