Hi Jan, Not. I already tried "set interface Dialer3" instead of the next-hop. :/
Thanks, Ray On 8. Sep 2010, at 14:47 Uhr, Jan Gregor wrote: > Hi, > > glad that first part worked. I would suggest change the PBR route-map to > "set interface Dialer3". Maybe that helps, maybe not :). > > Best regards, > > Jan > > On 09/07/2010 06:57 PM, Ray Davis wrote: >> Thanks for the help! >> >> I tried my previous test config again except with this difference... >> >> ip access-list extended NAT_Exempt >> deny tcp any any eq www >> deny tcp any any eq 443 >> deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 >> deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 >> permit ip 192.168.8.0 0.0.0.255 any >> >> If I do a "sh ip nat translations" it looks like http traffic is being NATed >> correctly: >> >> HTTP Traffic (123.123.123.123 is the VDSL ip address): >> tcp 123.123.123.123:14757 192.168.8.1:14757 212.96.133.192:80 >> 212.96.133.192:80 >> >> Non-HTTP Traffic (12.34.12.34 is the SDSL ip address (default)): >> tcp 12.34.12.34:50004 192.168.8.115:50004 93.133.195.154:5938 >> 93.133.195.154:5938 >> >> But doesn't seem to go out the correct interface. At least there is never >> an http connection made. :/ >> >> Cheers, >> Ray >> >> On 6. Sep 2010, at 22:35 Uhr, Jan Gregor wrote: >> >>> Hi, >>> >>>> access-list 110 remark ***** ACL route-map RerouteWebTraffic ***** >>>> access-list 110 permit tcp any any eq www >>>> access-list 110 permit tcp any any eq 443 >>>> >>>> route-map sdsl permit 10 >>>> match ip address NAT_Exempt >>>> >>>> ip access-list extended NAT_Exempt >>>> deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255 >>>> deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255 >>>> permit ip 192.168.8.0 0.0.0.255 any >>> >>> I guess this is the problem. Try denying things allowed in acl 110 away >>> from acl NAT_Exempt and see if that helps (be sure that these new denies >>> are before permit in that acl). >>> >>> Best regards, >>> >>> Jan >>> >> > > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/