The Long and Winding Road wrote:
> 
> it's happened twice now, and the policy routing was removed from the
> interface, so I'm thinking the problem has to be the NAT configuration

It doesn't seem like NAT could do this to you, though. NAT just affects
inside hosts and you were Telnetting to the "perimeter router" presumably
using a real address??

Are you using NAT overload? Could there be some weird timing issue such that
while the router was rebooting someone else grabbed the IP address/port
number that had been in use in your conversation with the router?? Grasping
here. :-)

I hope you didn't hit a lot of traffic going to the customer's site! :-)
Please let us know if you figure out why it locked you out using the
procedure below. Or maybe it will just be one of those glitches that has no
explanation. Argh.

Priscilla

> 
> The problem: remote configuration of a router.
> 
> Circumstances: remove poorly constructed access-lists. Replace them with
> better constructed access-lists that are also in conformance with a system
> wide standard numbering convention. Change the route maps to reflect these
> new access-lists. One access-list determines whether or not a host on the
> inside can obtain a NAT translation. The other controls policy routing
> inbound on the WAN interface.
> 
> The process:
> 
> 1) remove policy routing from the distant end WAN interface
> 
> 2) delete old access-lists
> 
> 3) delete old route-maps
> 
> 4) paste in new access-lists
> 
> 5) paste in the new route-maps
> 
> at this point I lose connection with the router.
> 
> I presume that because policy routing was disabled ( no ip policy route-map
> etc ) and the router was reloaded before step 2 was taken, that the problem
> is not with policy routing denying my own access.
> 
> That leaves NAT. The ip nat outside configured on the WAN link of the remote
> router was in place.
> 
> Now I'm racking my brains about this, because I have 9 other sites
> identically configured, and I configured them remotely, and life was good.
> 
> Well, I guess I'll be visiting a client site in the morning.
> sheesh!!!!!!!!!!!
> 
> 
> 
> 
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61216&t=61178
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
