> I have a PBR policy-map applied on each router's Fa0/0 interface
> (ingress). The route-map references an ACL that matches traffic I want
> to send in a direction the routing table would not otherwise have it
> go (i.e. S0/1.x instead of S0/0.x). To ensure symmetric routing, I
> want to source NAT (PAT) traffic leaving the interface to that
> interface's IP. All pretty straightforward.
>
> Another requirement: if the interface specified by the 'set ip
> next-hop' parameter in the PBR route-map is down (e.g. S0/1.x), I want
> traffic to be routed as normal via S0/0.x (as I understand it should),
> but I want to do the same source NAT/PAT on the other interface -- in
> other words, if the traffic leaves S0/1.x, it should be source NATed
> to S0/1.x's IP and if it leaves S0/0.x, it should leave with S0/0.x's
> IP.
> [...]
> Here is the (annotated) config from the first router. The other router
> is configured in exactly the same way, apart from interface IPs,
> subint/DLCIs, and the 'set ip next-hop' value in the App01-PBR
> route-map.
>
> [...]
> ip nat inside source route-map App01-NAT-FOO1 interface Serial0/1.742 overload
> ip nat inside source route-map App01-NAT-FOO2 interface Serial0/0.740 overload
> !
> access-list 125 remark ** match HTTP to server 1 **
> access-list 125 permit tcp any host 192.168.91.67 eq www
> access-list 125 remark ** match HTTP to server 2 **
> access-list 125 permit tcp any host 192.168.91.3 eq www

Can you try adding "match interface" to the NAT route-maps? I.e.

route-map App01-NAT-FOO1 permit 10
 match ip address 125
 match interface Serial0/1.742

and

route-map App01-NAT-FOO2 permit 10
 match ip address 125
 match interface Serial0/0.740

A similar config is used in an example at
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

oli
_______________________________________________
cisco-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
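Added editorial example, not part of the thread or of the Cisco document linked above: the complete set of IOS statements that oli's suggestion implies on one router, so the pieces the original poster only described (the App01-PBR route-map, which interfaces are NAT inside/outside, the policy applied on Fa0/0) can be seen next to the two NAT route-maps. The interface addresses, the 10.1.42.2 next-hop, the Frame Relay encapsulation and the point-to-point subinterface type are assumptions; only ACL 125, the route-map names, the NAT statements and the interface names come from the post.

```cisco
! Constructed example. Addresses, next-hop and DLCI encapsulation are
! assumed; the post does not show them.
!
access-list 125 remark ** match HTTP to server 1 **
access-list 125 permit tcp any host 192.168.91.67 eq www
access-list 125 remark ** match HTTP to server 2 **
access-list 125 permit tcp any host 192.168.91.3 eq www
!
! PBR: steer ACL 125 traffic toward the neighbour on S0/1.742 instead of
! the routing table's choice (S0/0.740). 10.1.42.2 is an assumed address.
! If S0/1.742 is down the connected route to 10.1.42.2 disappears, the
! set clause cannot be honoured and the packet is routed normally.
route-map App01-PBR permit 10
 match ip address 125
 set ip next-hop 10.1.42.2
!
! NAT route-maps: "match interface" is tested against the interface the
! packet is actually leaving through, so the translation follows the
! forwarding decision whether PBR or the routing table made it.
route-map App01-NAT-FOO1 permit 10
 match ip address 125
 match interface Serial0/1.742
!
route-map App01-NAT-FOO2 permit 10
 match ip address 125
 match interface Serial0/0.740
!
ip nat inside source route-map App01-NAT-FOO1 interface Serial0/1.742 overload
ip nat inside source route-map App01-NAT-FOO2 interface Serial0/0.740 overload
!
! LAN side (assumed address): NAT inside and the PBR policy on ingress.
interface FastEthernet0/0
 ip address 192.168.90.1 255.255.255.0
 ip nat inside
 ip policy route-map App01-PBR
!
! WAN side (assumed addressing): both subinterfaces are NAT outside.
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.740 point-to-point
 ip address 10.1.40.1 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 740
!
interface Serial0/1
 no ip address
 encapsulation frame-relay
!
interface Serial0/1.742 point-to-point
 ip address 10.1.42.1 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 742
```

To check the fallback behaviour, generate HTTP traffic to one of the two servers, confirm with `show ip nat translations` that the inside global address is 10.1.42.1, then `shutdown` Serial0/1.742 and repeat: new translations should carry 10.1.40.1 and `show route-map App01-NAT-FOO2` should show its match counter climbing. Note that PBR only gives up the next-hop when the route to it is gone; if the subinterface stays up but the far end is unreachable, `set ip next-hop verify-availability` (with object tracking) is the IOS mechanism for that case, and the NAT route-maps above would still follow whichever exit the packet takes.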
