Ascend Archive
(ASCEND) P75, NAT, strange routing behaviour
Hi:
I'm attempting to do something "funny" with my Ascend Pipeline 75, and am
seeing strange routing table behaviour. Here's my situation:
I've got a 1B connection profile to my ISP, Insync.net, with a statically-
assigned two-bit subnet. My P75 is capable of correctly bringing this
connection up and tearing it down. Everything with this connection is
hunky-dory.
I am in the process of configuring a _second_ connection, to my employer
via their remote access equipment. This connection is NAT (has to be NAT),
to a private (192.x.x.x/24) subnet which is firewalled from the rest of the
net. This connection, in and of itself, is functioning.
Here's what the connections look like:
Internet                                                Internet
   |                                                       |
   |                                                       |
   |                                                    Firewall
   |                                                       |
   |                                                       |
  ISP------------------------- P75 ----------------------- Work
Net:204.253.208.0/24   Net: 204.253.212.108/30            Net:
GW: 204.253.208.10
The problem:
Because of the firewall on my employer's network, and performance reasons,
I would like to route _all_ IP traffic which is destined for the
net-at-large (anywhere _but_ my employer's subnet), through my ISP
connection, even if it is necessary for the router to bring the connection
to my ISP up to route traffic.
No problem, right, just plug in a default static route to
204.253.208.10/24, like:
Destination         Gateway
0.0.0.0/0           204.253.208.10  <pref> <metric>
Here's my whole routing table, (with NAT routing turned off, wanidle0 is
the connection profile to my employer's subnet):
Destination         Gateway         IF        Flg   Pref  Met  Use    Age
0.0.0.0/0           204.253.208.10  wan7      SG    1     1    206    1731
127.0.0.0/8         -               bh0       CP    0     0    0      17703
127.0.0.1/32        -               local     CP    0     0    0      17703
127.0.0.2/32        -               rj0       CP    0     0    0      17703
192.168.56.0/24     192.168.56.11   wanidle0  SGP   150   10   0      547
192.168.56.11/32    192.168.56.11   wanidle0  SP    150   10   1      547
204.253.208.0/24    204.253.208.10  wan7      rGTM  10    1    28     1668
204.253.208.0/24    204.253.208.10  wan7      SGM   10    1    2220   17703
204.253.208.10/32   204.253.208.10  wan7      rTM   10    1    72     1668
204.253.208.10/32   204.253.208.10  wan7      SM    10    1    188    17703
204.253.212.108/30  -               ie0       C     0     0    58221  17703
204.253.212.109/32  -               local     CP    0     0    20582  17703
209.113.65.0/24     204.253.208.10  wan7      SG    100   1    8      17703
224.0.0.0/4         -               mcast     CP    0     0    0      17704
224.0.0.5/32        -               bh0       CP    0     0    0      17704
224.0.0.6/32        -               bh0       CP    0     0    0      17704
224.0.0.9/32        -               local     CP    0     0    58     17704
255.255.255.255/32  -               ie0       CP    0     0    0      17704
Unfortunately, when the router, running either 6.1.3 or 6.1.5, brings up the
NAT connection to my employer's net, it replaces the default route with one to
my employer's subnet, causing everything except traffic which is specifically
destined for my ISP, to be routed through my employer's net. Even worse,
this route is not removed from the routing table when the connection to my
employer's net is torn down. Thus, the router thinks that all traffic should
be routed through my employer's net, now and forevermore, amen! :-)
Here's the routing table with NAT routing turned on, and the connection to
my employer's net up:
Destination         Gateway         IF        Flg   Pref  Met  Use    Age
0.0.0.0/0           192.168.56.11   wan8      Sn    100   1    0      6
127.0.0.0/8         -               bh0       CP    0     0    0      18068
127.0.0.1/32        -               local     CP    0     0    0      18068
127.0.0.2/32        -               rj0       CP    0     0    0      18068
172.18.250.63/32    -               local     rPTn  100   0    0      6
192.168.56.0/24     192.168.56.11   wan8      rPTn  10    1    0      6
192.168.56.0/24     192.168.56.11   wan8      *SGP  150   10   0      912
192.168.56.11/32    192.168.56.11   wan8      rPTn  10    1    0      6
192.168.56.11/32    192.168.56.11   wan8      *SP   150   10   1      912
204.253.208.0/24    204.253.208.10  wan7      rGTM  10    1    29     2033
204.253.208.0/24    204.253.208.10  wan7      SGM   10    1    2220   18068
204.253.208.10/32   204.253.208.10  wan7      rTM   10    1    87     2033
204.253.208.10/32   204.253.208.10  wan7      SM    10    1    199    18068
204.253.212.108/30  -               ie0       C     0     0    59031  18069
204.253.212.109/32  -               local     CP    0     0    20777  18069
209.113.65.0/24     204.253.208.10  wan7      SG    100   1    8      18069
224.0.0.0/4         -               mcast     CP    0     0    0      18069
224.0.0.5/32        -               bh0       CP    0     0    0      18069
224.0.0.6/32        -               bh0       CP    0     0    0      18069
224.0.0.9/32        -               local     CP    0     0    71     18069
255.255.255.255/32  -               ie0       CP    0     0    0      18069
And, here's the routing table with NAT routing turned on, and the
connection to my employer's net down:
Destination         Gateway         IF        Flg   Pref  Met  Use    Age
0.0.0.0/0           -               wanidle0  Sn    0     1    0      13
127.0.0.0/8         -               bh0       CP    0     0    0      17991
127.0.0.1/32        -               local     CP    0     0    0      17991
127.0.0.2/32        -               rj0       CP    0     0    0      17991
192.168.56.0/24     192.168.56.11   wanidle0  SGP   150   10   0      835
192.168.56.11/32    192.168.56.11   wanidle0  SP    150   10   1      835
204.253.208.0/24    204.253.208.10  wan7      rGTM  10    1    29     1956
204.253.208.0/24    204.253.208.10  wan7      SGM   10    1    2220   17991
204.253.208.10/32   204.253.208.10  wan7      rTM   10    1    85     1956
204.253.208.10/32   204.253.208.10  wan7      SM    10    1    195    17991
204.253.212.108/30  -               ie0       C     0     0    58698  17991
204.253.212.109/32  -               local     CP    0     0    20702  17991
209.113.65.0/24     204.253.208.10  wan7      SG    100   1    8      17991
224.0.0.0/4         -               mcast     CP    0     0    0      17991
224.0.0.5/32        -               bh0       CP    0     0    0      17991
224.0.0.6/32        -               bh0       CP    0     0    0      17991
224.0.0.9/32        -               local     CP    0     0    68     17991
255.255.255.255/32  -               ie0       CP    0     0    0      17991
In both cases above (NAT routing ON, employer's wan connection either up
or down), I'd like the default route to remain set to:
Destination         Gateway         IF        Flg   Pref  Met  Use    Age
0.0.0.0/0           204.253.208.10  wan7      SG    1     1    206    1731
Is there any way I can accomplish what I'm looking to do, other than
manually turning off NAT when I don't need/want to connect to my employer?
Thanks muchly!
=======================================================================
Greg R. Broderick AT&T is reportedly interested in buying
America Online. If this occurs, federal
regulators are concerned the merged
corporation will have a total monopoly on
busy signals.
ganymede@insync.net
greg@qrd.org
=======================================================================
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
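
The default-route replacement described in the post above can be caught mechanically. The following is an added example, not part of the original message or of any Ascend tooling: it parses rows excerpted from the three routing tables in the post and checks that 0.0.0.0/0 still points at the ISP gateway. The function names are hypothetical, and treating a leading `*` in the Flg column as a hidden (inactive) route is an assumption.

```python
import ipaddress

# Rows excerpted from the routing tables in the post above.
BEFORE = """\
0.0.0.0/0 204.253.208.10 wan7 SG 1 1 206 1731
192.168.56.0/24 192.168.56.11 wanidle0 SGP 150 10 0 547
204.253.208.0/24 204.253.208.10 wan7 SGM 10 1 2220 17703
"""
NAT_UP = """\
0.0.0.0/0 192.168.56.11 wan8 Sn 100 1 0 6
192.168.56.0/24 192.168.56.11 wan8 rPTn 10 1 0 6
192.168.56.0/24 192.168.56.11 wan8 *SGP 150 10 0 912
204.253.208.0/24 204.253.208.10 wan7 SGM 10 1 2220 18068
"""
NAT_DOWN = """\
0.0.0.0/0 - wanidle0 Sn 0 1 0 13
192.168.56.0/24 192.168.56.11 wanidle0 SGP 150 10 0 835
204.253.208.0/24 204.253.208.10 wan7 SGM 10 1 2220 17991
"""

def parse_routes(text):
    """Parse 'Destination Gateway IF Flg Pref Met Use Age' rows into dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or "/" not in f[0]:
            continue  # header line or malformed row
        routes.append({"net": ipaddress.ip_network(f[0]), "gw": f[1], "ifname": f[2],
                       "flags": f[3], "pref": int(f[4]), "metric": int(f[5])})
    return routes

def best_route(routes, dest):
    """Longest-prefix match; ties broken by lowest preference, then metric.
    Assumption: a leading '*' in Flg marks a hidden (inactive) route."""
    addr = ipaddress.ip_address(dest)
    live = [r for r in routes if addr in r["net"] and not r["flags"].startswith("*")]
    return min(live, key=lambda r: (-r["net"].prefixlen, r["pref"], r["metric"]), default=None)

def default_route_ok(routes, gw="204.253.208.10", ifname="wan7"):
    """True only if 0.0.0.0/0 still points at the ISP gateway and interface."""
    r = best_route(routes, "198.51.100.1")  # documentation address; only the default matches
    return r is not None and r["net"].prefixlen == 0 and (r["gw"], r["ifname"]) == (gw, ifname)

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("nat up", NAT_UP), ("nat down", NAT_DOWN)):
        routes = parse_routes(table)
        print(name, default_route_ok(routes), best_route(routes, "192.168.56.20")["ifname"])
```

Run against a fresh capture of the router's table after each connection event, a `False` result means Internet-bound traffic is no longer leaving via the ISP link.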