имеется старушка cisco soho-97
1 провайдер адсл
инет через Dialer
и внутренняя сетка (10.253.0.0) через BVI
--------------------------------------------
нужно разрулить маршруты. казалось бы все хорошо, но
1. sh route-map (там кол-во совпадений 0).
2. пакеты постоянно бегут не туда, из-за чего в логах появляется срач. может, у кого есть мысли поинтереснее?
! Integrated routing and bridging; required for the BVI1 interface defined below.
bridge irb
!
!
! LAN-facing interface and the only NAT "inside" interface in this excerpt.
! The /30 mask leaves 192.168.1.2 as the only other host address on this subnet.
! NOTE(review): no "ip policy route-map" is applied here, so the route-maps
! further down are referenced only by the NAT rules.
interface Ethernet0
ip address 192.168.1.1 255.255.255.252
ip accounting output-packets
ip nat inside
! Clamps TCP MSS; 1452 is the value usually paired with a 1492-byte PPPoE MTU
! (assumption: the PPPoE/dialer binding itself is not shown in the post).
ip tcp adjust-mss 1452
! ACL 115 is not part of the posted config, so its filtering cannot be reviewed.
ip access-group 115 in
no cdp enable
hold-queue 200 out
!
! Physical ADSL interface; addressing lives on the Dialer/BVI interfaces.
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
!
! PVC 0/35. NOTE(review): no encapsulation or dialer pool-member line is shown
! under this PVC, so its binding to Dialer1 (dialer pool 1) cannot be confirmed
! from the post; the listing may be trimmed.
interface ATM0.1 point-to-point
pvc 0/35
!
! PVC 0/37 with AAL5 SNAP encapsulation. NOTE(review): presumably the bridged
! side behind BVI1, but no bridge-group statement is visible; verify.
interface ATM0.2 point-to-point
pvc 0/37
encapsulation aal5snap
!
! PPP uplink to the ISP; address is assigned by the peer. NAT "outside".
interface Dialer1
ip address negotiated
! ACL 130 is not part of the posted config, so inbound filtering from the
! Internet side cannot be reviewed here.
ip access-group 130 in
ip nat outside
encapsulation ppp
dialer pool 1
fair-queue
! "callin" limits the CHAP challenge to incoming calls; towards the ISP the
! router answers with the PAP credentials on the next line.
ppp authentication chap callin
! Type 7 is a reversible obfuscation, not a hash. The poster masked the value;
! keep it masked whenever the config is shared and treat any exposed type 7
! string as a disclosed password.
ppp pap sent-username xxxx password 7 xxxxxxxxx
ppp ipcp dns request
!
! Routed interface of the bridge group; second NAT "outside" interface.
! Address comes from DHCP, using Ethernet0's identity as the client-id.
interface BVI1
ip address dhcp client-id Ethernet0
! ACL 140 is not part of the posted config, so its filtering cannot be reviewed.
ip access-group 140 in
ip nat outside
!
ip classless
! Default route via Dialer1 (distance 220) backed by a Null0 route (distance
! 250): when the Dialer1 route is withdrawn, default traffic is discarded
! rather than sent out another interface.
ip route 0.0.0.0 0.0.0.0 Dialer1 220
ip route 0.0.0.0 0.0.0.0 Null0 250
! NOTE(review): next hop 192.168.1.10 lies outside Ethernet0's 192.168.1.0/30
! subnet (192.168.1.1 255.255.255.252 above). Confirm the mask or the next hop.
ip route 10.10.10.0 255.255.255.0 Ethernet0 192.168.1.10
! NOTE(review): this /24 covers only 10.253.0.0-10.253.0.255, while the next
! hop 10.253.151.1 is outside that range. If the internal network is wider
! than /24, the rest of it follows the default route to Dialer1. Confirm the
! intended prefix length.
ip route 10.253.0.0 255.255.255.0 10.253.151.1 220
ip route 10.253.0.0 255.255.255.0 Null0 250
! HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! Shortened NAT timeouts (seconds) and a 2048-entry cap on the translation table.
ip nat translation tcp-timeout 180
ip nat translation udp-timeout 120
ip nat translation syn-timeout 30
ip nat translation icmp-timeout 10
ip nat translation max-entries 2048
! Two PAT (overload) rules; the route-map decides which outside interface
! address a flow is translated to.
ip nat inside source route-map To_BVI interface BVI1 overload
ip nat inside source route-map To_Dialer interface Dialer1 overload
! Selector for the BVI1 NAT rule.
! NOTE(review): in the posted config these route-maps are referenced only by
! "ip nat inside source"; no interface carries "ip policy route-map". The
! counters in "show route-map" are policy-routing matches, so they are expected
! to stay at 0 in this setup. Check "show ip nat translations" and
! "show access-lists" hit counts instead.
route-map To_BVI permit 1
match ip address LAN_To_BVI
match interface BVI1
! NOTE(review): NAT uses a route-map's match clauses to select traffic; this
! set clause would only steer packets if the map were also applied as policy
! routing on the inside interface. As posted, the egress interface is decided
! by the routing table alone.
set ip next-hop 10.253.151.1
!
! Selector for the Dialer1 NAT rule.
! NOTE(review): unlike To_BVI there is no "match interface Dialer1" here;
! confirm whether the asymmetry is intended.
route-map To_Dialer permit 1
match ip address LAN_To_Dialer
в листе LAN_To_BVI
! Hosts 10.10.10.2-10.10.10.5 towards 10.253.0.0/24 are selected for
! translation on BVI1.
permit ip host 10.10.10.2 10.253.0.0 0.0.0.255
permit ip host 10.10.10.3 10.253.0.0 0.0.0.255
permit ip host 10.10.10.4 10.253.0.0 0.0.0.255
permit ip host 10.10.10.5 10.253.0.0 0.0.0.255
! NOTE(review): this list only selects traffic for NAT. The explicit deny with
! "log" emits a log entry for every other flow it is evaluated against, which is
! a likely source of the log noise described in the post. The ACL's implicit
! deny already excludes that traffic, and "log" in a NAT-selection ACL is
! generally advised against.
deny ip any any log
в листе LAN_To_Dialer
! NOTE(review): both permit lines name the same host, 10.10.10.3. LAN_To_BVI
! lists .2-.5, so a different host may have been intended on one of them.
! As written, only 10.10.10.3 is translated on Dialer1.
permit ip host 10.10.10.3 any
permit ip host 10.10.10.3 any
! NOTE(review): as in LAN_To_BVI, the logged deny adds a log entry per
! non-matching flow without changing which traffic is selected for NAT.
deny ip any any log