Example of PBR + NAT + single-arm routing + multi-egress application:
Topology:
[Figure: PBR + NAT + single-arm routing topology (image not available)]
Note:
PC1: 192.168.1.1/24 gw 192.168.1.254
PC2: 192.168.2.1/24 gw 192.168.2.254
R3 acts as the gateway and as the egress router.
Both ISP routers simulate the address 1.1.1.1 for testing.
Main Configuration:
R3:
R3#sh run
Building configuration...
Current configuration : 2141 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
interface Serial0/0
 ip address 100.100.100.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface Serial0/1
 ip address 200.200.200.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface FastEthernet1/0.1
 encapsulation dot1Q 10
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBR
!
interface FastEthernet1/0.2
 encapsulation dot1Q 20
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBR
!
ip nat inside source route-map nat1 interface Serial0/0 overload
ip nat inside source route-map nat2 interface Serial0/1 overload
ip nat inside source route-map nat3 interface Serial0/1 overload
ip nat inside source route-map nat4 interface Serial0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
!
route-map PBR permit 10
 match ip address 1
 set ip next-hop 100.100.100.1 200.200.200.2
!
route-map PBR permit 20
 match ip address 2
 set ip next-hop 200.200.200.2 100.100.100.1
!
route-map nat3 permit 10
 match ip address 2
 match interface Serial0/1
!
route-map nat2 permit 10
 match ip address 1
!
route-map nat1 permit 10
 match ip address 1
 match interface Serial0/0
!
route-map nat4 permit 10
 match ip address 2
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
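Added example (not part of the original article): a small Python audit of the NAT rules in a configuration like the one above. It reports any "ip nat inside source route-map" rule whose route-map is undefined, whose interface is not marked "ip nat outside", or whose route-map has no "match interface" for its own egress, as with nat2 and nat4 here; such a rule matches the ACL's traffic whichever outside interface it leaves through. The function names and the embedded sample are assumptions made for illustration, and interface names are expected in the "Serial0/0" form shown by "sh run".

```python
import re

# Constructed sample: the ACL 1 NAT pair (nat1/nat2) from the R3 configuration above.
CONFIG = """\
interface Serial0/0
 ip nat outside
interface Serial0/1
 ip nat outside
ip nat inside source route-map nat1 interface Serial0/0 overload
ip nat inside source route-map nat2 interface Serial0/1 overload
route-map nat1 permit 10
 match ip address 1
 match interface Serial0/0
route-map nat2 permit 10
 match ip address 1
"""

def parse(cfg):
    """Return (outside interfaces, NAT rules, route-map match clauses)."""
    outside, nat_rules, rmaps, ctx = set(), [], {}, ["!"]
    for line in cfg.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):            # top-level command opens a new context
            ctx = words
            m = re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line)
            if m:
                nat_rules.append(m.groups())    # (route-map name, NAT interface)
            elif words[0] == "route-map":
                rmaps.setdefault(words[1], [])  # all sequences of a map are merged
        elif ctx[0] == "interface" and words == ["ip", "nat", "outside"]:
            outside.add(ctx[1])
        elif ctx[0] == "route-map" and words[0] == "match":
            rmaps[ctx[1]].append(words[1:])
    return outside, nat_rules, rmaps

def audit(cfg):
    """List NAT rules that are dangling or not pinned to their own egress interface."""
    outside, nat_rules, rmaps = parse(cfg)
    findings = []
    for rmap, iface in nat_rules:
        if rmap not in rmaps:
            findings.append(f"{rmap}: route-map not defined")
        elif iface not in outside:
            findings.append(f"{rmap}: {iface} is not 'ip nat outside'")
        elif ["interface", iface] not in rmaps[rmap]:
            findings.append(f"{rmap}: no 'match interface {iface}'")
    return findings
```

Calling audit(CONFIG) on the sample returns one finding, for nat2.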
This article is from the "keepalive" blog; please be sure to keep this source link: http://jefferyyu.blog.51cto.com/2843635/1304667