10-13-2010 03:35 AM - edited 03-04-2019 10:06 AM
I have set up a 1921 router with 2 Dialer interfaces connected to 2 different ISP's. I used the ip route 0.0.0.0 0.0.0.0 interface Dialer0 for all the internet traffic without any problems but I want to make an exception for the DMVPN traffic and route that over the Dialer1 interface. I created an access list that matches on the destination IP address of the DMVPN hub and a route map that sends the traffic by means of next-hop to the IP address of the Dialer1 interface. However when I try to set this I get an error message that the IP address "is our own" and I can't complete the route map. Any thoughts on what I am doing wrong?
Thank you in advance for your input.
10-14-2010 10:32 AM
Sounds like you may be mixing the local net with the remote net in the route map command.
I see your files attached, but cannot open 'em.
Perhaps paste in-line so we can have a look-see.
Regards
frank
10-14-2010 12:46 PM
Here we go:
version 15.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ew38
!
boot-start-marker
boot-end-marker
!
enable secret 5 $
!
aaa new-model
aaa local authentication attempts max-fail 3
!
!
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.20.1 192.168.20.20
ip dhcp excluded-address 192.168.20.250 192.168.20.254
ip dhcp excluded-address 192.168.20.112
ip dhcp excluded-address 192.168.33.1 192.168.33.50
ip dhcp excluded-address 192.168.33.254
!
ip dhcp pool local-pool
import all
network 192.168.20.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.20.1
!
ip dhcp pool remote-pool
import all
network 192.168.33.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.33.254
!
ip dhcp pool guests-pool
import all
network 192.168.240.0 255.255.255.0
dns-server 213.75.63.36 213.75.63.70
default-router 192.168.240.1
!
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn
!
!
username ciscoadmin privilege 15 secret 5 $
!
redundancy
!
!
controller SHDSL 0/1/0
dsl-group 0 pairs 0
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
no cdp enable
!
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 33
ip address 192.168.33.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 240
ip address 192.168.240.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
no cdp enable
no mop enabled
!
!
interface ATM0/0/0
no ip address
load-interval 30
no atm ilmi-keepalive
!
!
interface ATM0/0/0.1 point-to-point
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
no ip address
load-interval 30
no atm ilmi-keepalive
!
!
interface ATM0/1/0.1 point-to-point
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username password 0
no cdp enable
!
!
interface Dialer1
ip address xxx.xxx.xxx.201 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication pap callin
ppp pap sent-username password 0
no cdp enable
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended dmvpn
permit ip 192.168.20.0 0.0.0.255 any
deny ip any any
!
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
access-list 100 permit ip 192.168.33.0 0.0.0.255 any
access-list 100 permit ip 192.168.240.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 110 permit ip 192.168.13.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
no cdp run
!
!
!
route-map dmvpn-out-sdsl permit 10
match ip address dmvpn
set ip default next-hop xxx.xxx.xxx.201 <-- gateway IP of dialer 1 interface
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
access-class 110 in
privilege level 15
transport input telnet ssh
transport output none
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
10-19-2010 03:06 PM
Seems I was overcomplicating things, the fix is as obvious as this:
1) Create 2 ip routes
ip route
ip route 0.0.0.0 0.0.0.0 dialer 0 20
2) Declare the tunnel source to be the correct interface
No need for route maps. Done.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide