09-27-2023 08:36 PM - last edited on 10-18-2023 03:21 AM by Translator
We have a 2901 on version 15.5(3)M3. The router has multiple internet connections and subnets, each on their own VLAN.
Currently I use PBR to direct traffic between different subnets and their associated internet connection. There is also a default route (example below).
This seems to work in that "what's my ip address" returns the correct public IP address for the assigned internet connection.
However I notice that when I do a trace route (say to 8.8.8.8) on any of the internet connections, either on the router or a computer, they always show the default route (i.e. it is identical for every internet connection).
So I'm confused. Where should I start looking to investigate this?
Brian
! Default route
ip route 0.0.0.0 0.0.0.0 Dialer6
!
! PBR for the subnet on GigabitEthernet0/1.4
access-list 181 permit ip any 192.168.0.0 0.0.0.255
route-map GIG4 permit 10
 match ip address 181
 set ip next-hop <ip address>
 ! or other times: set interface Dialer5
interface GigabitEthernet0/1.4
 ip policy route-map GIG4
!
! NAT for the same subnet
ip nat inside source list 170 interface gig0/0.70 overload
access-list 170 permit ip 192.168.0.0 0.0.0.255 any
09-27-2023 08:57 PM - last edited on 10-18-2023 03:07 AM by Translator
Hello Brian,
You're using Policy-Based Routing (PBR) to direct traffic between different subnets and their associated internet connections. The default route is set to Dialer6 for outgoing traffic. However, when you perform a trace route to 8.8.8.8, the trace shows the default route for all internet connections.
To investigate, start by confirming the configuration of your PBR rules. Ensure that the route-map GIG4 is correctly matching the desired traffic based on your access list 181. Double-check the next-hop or interface specified in the route-map.
Additionally, verify the NAT configuration (ip nat inside source) to confirm that NAT is properly translating internal IP addresses to the correct public IP associated with each internet connection.
Lastly, check the routing table (show ip route) to ensure that the PBR is indeed correctly routing the traffic based on your defined rules and that there are no conflicting routes causing the trace route to consistently show the default route.
09-27-2023 11:13 PM
I don't get it.
Can you share the config?
09-28-2023 02:48 AM - edited 10-14-2023 11:16 PM
Thanks for the responses! The configuration is quite long so I've stripped out the irrelevant details and also color coded the various subnet and internet interfaces - I hope this helps, see the attached file (now deleted).
10-14-2023 11:15 PM - last edited on 10-18-2023 03:14 AM by Translator
Ok I managed to fix the problem. I deleted the default route (no ip route 0.0.0.0 0.0.0.0 Dialer6) and then added the following on each subnet (defining RM1, RM2, RM3 etc):
route-map RM1 permit 10
 set default interface <outside internet interface>
 ! OR: set ip default next-hop <outside internet gateway>
interface <internal subnet interface>
 ip policy route-map RM1
The existing ip nat inside source were fine, providing NAT from the subnet to the internet interface.
10-15-2023 12:45 AM - last edited on 10-18-2023 03:16 AM by Translator
Hello
Good to hear you have a solution. However, your OP suggests you do not have resiliency, meaning if one of those internet connections fails, then the traffic for that particular RM/NAT will be policy routed into a black hole. I believe you will require some IPSLA boolean tracking to accommodate any upstream ISP failure.
In this instance, can you elaborate on how you would like your traffic to be re-routed (to which remaining active ISP interface)?
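The tracked failover this reply refers to could look like the following IOS configuration. It is an added example, not configuration from any poster in this thread: the probe targets, gateway addresses, SLA/track numbers and the choice of Dialer5 as primary with Dialer6 as fallback are assumptions, and it uses set ip next-hop verify-availability rather than the set ip default next-hop form from the accepted solution.

```cisco
! Added example. All addresses and object numbers are placeholders.
! Pin each probe target to one ISP with a host route; with the default
! route removed, router-originated probes would otherwise have no path.
ip route 192.0.2.1 255.255.255.255 Dialer5
ip route 192.0.2.2 255.255.255.255 Dialer5
ip route 198.51.100.1 255.255.255.255 Dialer6
!
! Two probes through ISP A, one through ISP B
ip sla 1
 icmp-echo 192.0.2.1 source-interface Dialer5
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.0.2.2 source-interface Dialer5
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 198.51.100.1 source-interface Dialer6
 frequency 10
ip sla schedule 3 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 20 ip sla 3 reachability
!
! Boolean OR: ISP A stays "up" while either target answers, so one
! unreachable probe target does not trigger a failover on its own.
track 10 list boolean or
 object 1
 object 2
 delay down 15 up 30
!
! The lowest sequence number whose track object is up wins. If both are
! down, no set clause applies and the packet follows the routing table.
route-map RM1 permit 10
 set ip next-hop verify-availability 203.0.113.1 10 track 10
 set ip next-hop verify-availability 203.0.113.129 20 track 20
!
interface GigabitEthernet0/1.4
 ip policy route-map RM1
!
! Checks: show track brief
!         show ip sla statistics
!         show route-map RM1
```

For the fallback path to work, NAT must also translate this subnet to the fallback interface's address, for example with route-map based ip nat inside source statements that match on the outgoing interface.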
10-16-2023 07:30 PM
Thanks Paul, I've started to have a look at IP SLA features in the router.