it's happened twice now, and the policy routing was removed from the interface, so I'm thinking the problem has to be the NAT configuration
The problem: remote configuration of a router. Circumstances: remove poorly constructed access-lists. replace them with better constructed access-lists that are also in conformance with a system wide standard numbering convention. Change the route maps to reflect these new access-lists. one access-list determines whether or not a host on the inside can obtain a NAT translation. the other control policy routing inbound on the WAN interface. The process: 1) remove policy routing from the distant end WAN interface 2) delete old access-lists 3) delete old route-maps 4) paste in new access-lists 5) paste in the new route-maps at this point I lose connection with the router. I presume that because policy routing was disabled ( no ip policy route-map etc ) and the router was reloaded before step 2 was taken, that the problem is not with policy routing denying my own access. That leaves NAT. The ip nat outside configured on the WAN link of the remote router was in place. Now I'm racking my brains about this, because I have 9 other sites identically configured, and I configured them remotely, and life was good. Well, I guess I'll be visiting a client site in the morning. sheesh!!!!!!!!!!! -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61178&t=61178 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
