HA NAT and %IP-4-DUPADDR: Duplicate address messages

Are the messages %IP-4-DUPADDR: Duplicate address expected with HA NAT? 
With Stateful NAT they were seen if the "redundancy GROUP_NAME" was not added to the static NAT. 
I am seeing them with a correctly configured HA NAT Box to Box set up and there does not seem to be anything missing that will stop the messages. 
Is this a bug?  Should the duplicate IP messages have been suppressed?

James,
We have implemented it in 3 customers, all of them got the same crash problem (just 10 customers in the world opened a ticket with TAC and just opened 3 of them).
It will happen a lot o times during the day. Be prepared. I didnt monitor the frequency but we needed to shut the secondary router down until Cisco do something to solve.
Unfortunately this is becoming very common with Cisco softwares. Not only with routers and switches, but with others solution too.

Similar Messages

  • %IP-4-DUPADDR: Duplicate address

    Hi, I've been getting the follwoing message on my c2600 (version 13.3) router since last december (according to the log file).
    005179: .Dec 28 04:35:08.652 AUS: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xx on
    FastEthernet0/0, sourced by 0015.f987.941a
    The symptom of the problem is that occassionally the network looses connactivity.
    The mac addresses are both for Cisco devices. One is the router and i'm not sure what the other is possibly a firewall.
    The Cisco site says that we can change the mac address of one of the offending items ?
    Which would be the best one to change?
    How can i find out what the other device is?
    What if any issue arise with changing the mac address ?
    Proably other questions that i should be asking as well, but i'll get to those later.
    thanks in advance for any reponses.

    changing the mac-address will not help.
    You have to change the ip address.
    You first have to find out what/where is the other device.
    For that you can follow the L2 path.
    Go the switch to which the router is connected on fast0/0. If you don't know the switch, try 'sho cdp nei'.
    Once on the switch, check the mac-address with the command 'show mac-address address x.x.x'. It should give the port.
    Check what device is attached to this port.
    If another switch, repeat the operation above until you find the end device.
    Gilles.

  • HSRP Duplicate address

    Hi,
    There is two 4500 switches installed as distribution switches.
    HSRP and .1q trunk has been enabled between these two switches.
    access switches connected redundantly to these switches.
    mistp has been configured for layer 2 loop avoidance.
    I have checked native vlan and ip address configuration on both the distribution switches.
    still it gives the error messages continuouly
    "%HSRP-4-DUPADDR: Duplicate address 10.229.56.3 on Vlan151, sourced by 0013.c383.cebf."
    what could be the problem.
    Thank in advance.
    Thanks & regards
    Rajesh

    Hi
    Duplicate Address errors always related to some miconfiguration with the ip address on the interfaces.
    i also did try the error message decoder which also proved to be same..
    do find the same and find the recommended action to overcome this problem..
    The IP address in an HSRP message that was received on the specified interface is the same as the IP address of the router. Another router might be configured with the same IP address. The most likely cause of this condition is a network loop or a misconfigured switch that is causing the router to see its own HSRP hello messages.
    Recommended Action: Check the configurations on all the HSRP routers to ensure that the interface IP addresses are unique. Make sure that no network loops exist. If port channels are configured, check that the switch is correctly configured for port channels. Enter the standby use-bia command so that the error message displays the interface MAC address of the sending router, which can be used to determine if the error message is caused by a misconfigured router or a network loop
    regds

  • Duplicate address x.x.x.x on Port-channel10.101, sourced by 0080.7733.b2f

    HI,
    I am getting the following log message on my L3 device and the L3 switch hangs. I have restricted telnet session on the L3 device. What is causing this ?
    32w1d: %AUTOSTATE-6-SHUT_DOWN: Putting interface Port-channel10.131 into Autostate mode
    32w1d: %SYS-5-CONFIG_I: Configured from console by vty0 (127.0.0.2)
    32w1d: %AUTOSTATE-6-BRING_UP: Taking interface Port-channel10.131 out of Autostate mode
    32w1d: %AUTOSTATE-6-SHUT_DOWN: Putting interface Port-channel10.131 into Autostate mode
    32w1d: %AUTOSTATE-6-BRING_UP: Taking interface Port-channel10.131 out of Autostate mode
    39w3d: %IP-4-DUPADDR: Duplicate address x.x.85.254 on Port-channel10.101, sourced by 0080.7733.b2f9
    48w2d: %STANDBY-3-DUPADDR: Duplicate address x.x.83.251 on Port-channel10.102, sourced by 0000.0c07.ac66
    I tried to track these two mac addresses 0080.7733.b2f9 and 0000.0c07.ac66
    These mac addresses belong to IP phones which are connected to a L2 device which in turn cascaded to the L3 switch.
    Whats the meaning of "Duplicate address x.x.85.254 on Port-channel10.101, sourced by 0080.7733.b2f9 "
    x.x.85.254 is the L3 IP(Virtual L3 interface) on the L3 switch.
    Is the IP phones MAC address conflicting with the mac address of the L3 switch?
    How can I find the L3 switch's system mac addresses.
    Appreciate some detailed explanation.

    Hi,
    Just an idea : look at the STP instance of the concerned VLAN (Virtual L3 interface). it can be caused by a loop.
    symptoms ("show proc cpu hist" and "sh spann vlan x detail") and try to look at "Number of topology changes ".
    it was just an idea, hope it helps

  • Duplicate address

    Hi,
    I would appreciate some advise on the following:
    1) If 2 PCs have the same IP address on the network, what would be the impact?
    2) If a PC is having the same IP address as the gateway, what would be the impact? How do we track on the network if it happens?
    3) What would be the impact when I encountered %HSRP-4-DUPADDR: Duplicate address 192.168.1.1 on Vlan502, sourced by 0000.0c07.ac46? I tried to look into the configurations of the network devices but do not find any duplicate HSRP ip addresses, could it be the external WAN link which is using the same HSRP ip address as the router which causes it?
    4) Any impact of having same HSRP groups for 2 different VTP domains?
    5) For the above, to avoid unauthorised people to access the network, especially those who plug in a switch to disrupt the network, as well as avoid people from using the same ip address as the gateway, other than or in addition to bpdu guard, is it advisable to implement mac address tie to IP address on the DHCP server? If not, any suggestions?
    Thanks
    Christina

    When Hot Standby Router Protocol (HSRP) is running on a device, the %HSRP-4-DUPADDR:Duplicate address [IP_address] on [chars], sourced by [enet] error message can appear on the console if the IP address in an HSRP message received on the specified interface is the same as the IP address of the router receiving the message. The most likely cause of this condition is a network loop or a misconfigured switch that is causing the router to see its own HSRP hello messages.
    Check the configurations on all the HSRP routers to ensure that the interface IP addresses are unique. Check that no Layer-2 loops exist. If port channels are configured, check that the switch is configured correctly for port channels. Issue the standby use-bia command so that the error message displays the interface MAC address of the sending router, which can be used to determine if the error message is caused by a misconfigured router or a network loop.

  • Duplicate text messages Handcent msgs

    I downloaded the handcent application and it sends out duplicate text messages.   People have gotten the same message from me anywheres from 2-5 times.  Not everytime, but still annoying is there a way to fix this problem.  It has gotten worse just recently

    When you download a new messaging application on the phone you would want to make sure that the old messaging application is closed. The default messaging application is probably running in the back ground causing duplicate messages.
    Lets try 3 things to correct this issue:
    First you would want to disable the default messaging application.
    From the home screen, touch the applications tab (located at the bottom of the display).
    Touch Settings.
    Touch Applications.
    Touch Running services.
    Touch a service (select the default messaging application).
    Choose the default messaging application.Touch Stop.
    Second could I get you to do a soft reset on the device.
    Soft Reset
    Press the Power key.
    Touch Power off.
    Touch OK.
    Press the Power key to power on the device.
    Third:
    Could I get you to dial *228 send and option 1 on the device.
    From the home screen, touch the applications tab (located at the bottom of the display).
    Touch Settings.
    Touch Applications.
    Touch Running services.
    Then re-check your applications, making sure the default messaging application is not running.

  • Duplicate IPs while using NAT and HSRP

    When using two routers in the same HSRP group and the same static NAT table on each, I run into Duplicate IP address messages detected on the interface where the routers are communicating to each other for redundancy.
    HSRP is working properly because when I do a show standby one router is active and one is standby.
    Any ideas on how to eliminate this problem?
    BSC

    What you need is a feature called Stateful Fail-over of Network Address Translation or SNAT. This feature enables transparent failover of NAT sessions to the standby HSRP router if the primary HSRP device goes down.
    The link below should provide the info you need about SNAT.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008060c61d.html#wp1049970
    HTH,
    Sundar
    *Please rate all helpful posts.

  • Static NAT and same IP address for two interfaces

    We have a Cisco ASA 5520 and in order to conserve public IP addresses and configuration (possibly) can we use the same public IP address for a static NAT with two different interfaces? Here is an example of what I'm refering too where 10.10.10.10 would be the same public IP address.
    static (inside,Outside) 10.10.10.10  access-list inside_nat_static_1
    static (production,Outside) 10.10.10.10  access-list production_nat_static_1
    Thanks for any help.
    Jeff

    Hi Jeff,
    Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • Howto: Zones in private subnets using ipfilter's NAT and Port forwarding

    This setup supports the following features:
    * Requires 1 Network interface total.
    * Supports 1 or more public ips.
    * Allows Zone to Zone private network traffic.
    * Allows internet access from the global zones.
    * Allows direct (via ipfilter) internet access to ports in non-global zones.
    (change networks to suit your needs, the number of public and private ip was lowered to simplify this doc)
    Network setup:
    iprb0 65.38.103.1/24
    defaultrouter 65.38.103.254
    iprb0:1 192.168.1.1/24 (in global zone)
    Create a zone on iprb0 with an ip of 192.168.1.2
    ### Example /etc/ipf/ipnat.conf
    # forward from a public port to a private zone port
    rdr iprb0 65.38.103.1/32 port 2222 -> 192.168.1.2 port 22
    # force outbound zone traffic thru a certain ip address
    # required for mail servers because of reverse lookup
    map iprb0 192.168.1.2/32 -> 65.38.103.1/32 proxy port ftp ftp/tcp
    map iprb0 192.168.1.2/32 -> 65.38.103.1/32 portmap tcp/udp auto
    map iprb0 192.168.1.2/32 -> 65.38.103.1
    # allow any 192.168.1.x zone to use the internet
    map iprb0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
    map iprb0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
    map iprb0 192.168.1.0/24 -> 0/32For testing purposes you can leave /etc/ipf/ipf.conf empty.
    Be aware the you must "svcadm disable ipfilter; svcadm enable ipfilter" to reload rules and the rules stay loaded if they are just disabled(bug).
    Zones can't modify their routes and inherit the default routes of the global zone. Because of this we have to trick the non-global zones into using a router that doesn't exist.
    Create /etc/init.d/zone_route_hack
    Link this file to /etc/rc3.d/S99zone_route_hack.
    #/bin/sh
    # based on information found at
    # http://blogs.sun.com/roller/page/edp?entry=using_branded_zones_on_a
    # http://forum.sun.com/jive/thread.jspa?threadID=75669&messageID=275741
    fake_router=192.168.1.254
    public_net=65.38.103.0
    router=`netstat -rn | grep default | grep -v " $fake_router " | nawk '{print $2}'`
    # send some data to the real network router so we look up it's arp address
    ping -sn $router 1 1 >/dev/null
    # record the arp address of the real router
    router_arp=`arp $router | nawk '{print $4}'`
    # delete any existing arp address entry for our fake private subnet router
    arp -d $fake_router >/dev/null
    # assign the real routers arp address to our fake private subnet router
    arp -s $fake_router $router_arp
    # route our private subnet through our fake private subnet router
    route add default $fake_router
    # Can't create this route until the zone/interface are loaded
    # Adjust this based on your hardware and number of zones
    sleep 300
    # Duplicate this line for every non-global zone with a private ip that
    # will have ipfilter rdr (redirects) pointing to it
    route add -net $public_net 192.168.1.2 -ifaceNow we have both public and private ip addresses on our one iprb0 interface. If we'd really like our private zone network to really be private we don't want any non-NAT'ed 192.168.1.x traffic leaving the interface. Since ipfilter can't block traffic between zones because they use loopbacks we can just block the 192.168.1.x traffic and the zones can still talk.
    The following /etc/ipf/ipf.conf defaults to deny.
    # ipf.conf
    # IP Filter rules to be loaded during startup
    # See ipf(4) manpage for more information on
    # IP Filter rules syntax.
    # INCOMING DEFAULT DENY
    block in all
    block return-rst in proto tcp all
    # two open ports one of which is redirected in ipnat.conf
    pass in quick on iprb0 proto tcp from any to any port = 22 flags S keep state keep frags
    pass in quick on iprb0 proto tcp from any to any port = 2222 flags S keep state keep frags
    # INCOMING PING
    pass in quick on iprb0 proto icmp from any to 65.38.103.0/24 icmp-type 8 keep state
    # INCOMING GLOBAL ZONE UNIX TRACEROUTE FIX PART 1
    #pass in quick on iprb0 proto udp from any to 65.38.103.0/24 keep state
    # OUTGOING RULES
    block out all
    # ALL INTERNAL TRAFFIC STAYS INTERNAL (Zones use non-filtered loopback)
    # remove/edit as needed to actually talk to local private physical networks
    block out quick from any to 192.168.0.0/16
    block out quick from any to 172.16.0.0/12
    block out quick from any to 10.0.0.0/8
    block out quick from any to 0.0.0.0/8
    block out quick from any to 127.0.0.0/8
    block out quick from any to 169.254.0.0/16
    block out quick from any to 192.0.2.0/24
    block out quick from any to 204.152.64.0/23
    block out quick from any to 224.0.0.0/3
    # Allow traffic out the public interface on the public address
    pass out quick on iprb0 from 65.38.103.1/32 to any flags S keep state keep frags
    # OUTGOING PING
    pass out quick on iprb0 proto icmp from 65.38.103.1/32 to any icmp-type 8 keep state
    # Allow traffic out the public interface on the private address (needs nat and router arp hack)
    pass out quick on iprb0 from 192.168.1.0/24 to any flags S keep state keep frags
    # OUTGOING PING
    pass out quick on iprb0 proto icmp from 192.168.1.0/24 to any icmp-type 8 keep state
    # INCOMING TRACEROUTE FIX PART 2
    #pass out quick on iprb0 proto icmp from 65.38.103.1/32 to any icmp-type 3 keep stateIf you want incoming and outgoing internet in your zones it is easier if you just give them public ips and setup a firewall in the global zone. If you have limited public ip address(I'm setting up a colocation 1u server) then you might take this approach. One of the best things about doing thing this way is that any software configured in the non-global zones will never be configured to listen on an ip address that might change if you change public ips.

    Instead of using the script as a legacy_run script, set it up in SMF.
    First create the file /var/svc/manifest/system/ip-route-hack.xml with
    the following
    ---Start---
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM
    "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!--
    ident "@(#)ip-route-hack.xml 1.0 09/21/06"
    -->
    <service_bundle type='manifest' name='NATtrans:ip-route-hack'>
    <service
    name='system/ip-route-hack'
    type='service'
    version='1'>
    <create_default_instance enabled='true' />
    <single_instance />
    <dependency
    name='physical'
    grouping='require_all'
    type='service'
    restart_on='none'>
    <service_fmri value='svc:/network/physical:default' />
    </dependency>
    <dependency
    name='loopback'
    grouping='require_all'
    type='service'
    restart_on='none'>
    <service_fmri value='svc:/network/loopback:default' />
    </dependency>
    <exec_method
    type='method'
    name='start'
    exec='/lib/svc/method/svc-ip-route-hack start'
    timeout_seconds='0' />
    <property_group name='startd' type='framework'>
    <propval name='duration' type='astring'
    value='transient' />
    </property_group>
    <stability value='Unstable' />
    <template>
    <common_name>
    <loctext xml:lang='C'>
    Hack to allow zone to NAT translate.
    </loctext>
    </common_name>
    <documentation>
    <manpage
    title='zones'
    section='1M'
    manpath='/usr/share/man' />
    </documentation>
    </template>
    </service>
    </service_bundle>
    ---End---
    then modify /var/svc/manfiest/system/zones.xml and add the following
    dependancy
    ---Start---
    <dependency
    name='inet-ip-route-hack'
    type='service'
    grouping='require_all'
    restart_on='none'>
    <service_fmri value='svc:/system/ip-route-hack' />
    </dependency>
    ---End---
    Finally create the file /lib/svc/method/svc-ip-route-hack with the
    contents of S99zone_route_hack, minus the sleep timer (perms 0755). Run
    'svccfg import /var/svc/manifest/system/ip-route-hack.xml' and 'svccfg
    import /var/svc/manifest/system/zones.xml'.
    This will guarantee that ip-route-hack is run before zones are started,
    but after the interfaces are brought on line. It is worth noting that
    zones.xml may get overwritten during a patch, so if it suddenly stops
    working, that could be why.

  • IPv6 Duplicate Address issue

    I'm having a problem involving IPv6 with stateless autoconfig on my network. I have a Cisco 800 series router and we have several VLAN interfaces each configured with an IPv6 prefix. The problem I'm noticing is that whenever any host on the network tries to start up with stateless autoconfig they immediately detect a duplicate address for whatever address they are trying to use.
    I performed a packet capture and what I'm seeing is that when the host selects an IPv6 address to use, it performs the Neighbor Solicitation to check if the address is in use. I immediately see the exact same Neighbor Solicitation message echo'd back with the source MAC being the Cisco router. This causes the host to reject the address as a duplicate since it is receiving a Neigbor Soliciation for the same address it is attempting to use.
    This happens on all of the VLANs I have configured for IPv6. The basic VLAN config is like this:
    interface Vlan109
     description Engineering VLAN
     ip address .....
     ip helper-address .....
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1300
     ipv6 address HE-ENG ::/64 eui-64
     ipv6 enable
     ipv6 nd ra interval 60
    Attached is a PCAP with some ICMPv6 traffic. You can see that the NS messages are duplicated and the source of the duplicates seems to be the Cisco router (70:ca:9b:e0:94:2e). Does anyone know what is going on here?

    Hi,
    Under you interface val config can you try adding:-
    int vlan 109
    ipv6 address autoconfig
    Worth a try
    Regards
    Alex

  • How do I open ports on my airport extreme and assign a fixed IP Address for a device connected to my network?

    I recently had a security system installed in my house.  One of the features is an EPAD which enables me to have a virtual keypad on my iphone, and computer to operate the alarm system.  The technician was not familiar with Mac's and Airports.  How do I open port 80 to 80 in my airport and assign a fixed IP address for the EPAD?  Apparently this is what is needed to make this work.

    There are three ranges of "strictly local" IP addresses reserved for local Network use:
    192.168.xxx.yyy
    172.16.xxx.yyy
    10.xxx.yyy.zzz
    What your Router does for you is to act as your agent on the Internet.Your requests are packaged up and forwarded on your behalf, and only when a response is expected is the response returned to your local IP address.
    Directing Network Traffic to a Specific Computer on Your
    Network (Port Mapping)
    AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet.
    If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network.
    To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device.
    To set up inbound port mapping:
    1) Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
    2) Click the Advanced button, and then click Port Mapping.
    3) Click the Add button and choose a service, such as Personal File Sharing, from the Service pop-up menu.

  • Load balancing weirdness using NAT and same-metric route

    Hi.
    I'm trying to set up a double-WAN load-balancing scenario:
    I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
    I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
    There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
    === PING 1 ECHO REQUEST ===
    *Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
    *Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
    *Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
    *Mar 3 04:38:43.521: ICMP type=8, code=0
    === PING 1 ECHO REPLY ===
    *Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
    *Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:45.589: ICMP type=0, code=0
    === (something else) ===
    *Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
    OLD rdb: via 10.129.124.33, Vlan2
    NEW rdb: via 10.129.124.1, Vlan1
    === PING 2 ECHO REQUEST ===
    *Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
    *Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
    *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
    *Mar 3 04:38:52.353: ICMP type=8, code=0
    === PING 2 ECHO REPLY ===
    *Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
    *Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:53.033: ICMP type=0, code=0
    In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
    In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
    What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
    no ip cef
    ip dhcp pool lan-side
    import all
    network 192.168.60.0 255.255.255.0
    default-router 192.168.60.1
    domain-name doublewan.local
    dns-server 8.8.8.8 8.8.4.4
    lease infinite
    ip domain name doublewan
    interface FastEthernet0
    !doesn't appear on running-config: vlan 1 is the default access vlan
    !switchport access vlan 1
    interface FastEthernet1
    switchport access vlan 2
    interface FastEthernet2
    shutdown
    interface FastEthernet3
    shutdown
    interface FastEthernet4
    ip address 192.168.60.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no ip route-cache
    duplex auto
    speed auto
    interface Vlan1
    ip address 10.129.124.2 255.255.255.224
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    interface Vlan2
    ip address 10.129.124.35 255.255.255.224
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
    ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
    ip nat inside source route-map nat1 interface Vlan1 overload
    ip nat inside source route-map nat2 interface Vlan2 overload
    ip access-list standard acl4-nexthop-vlan1
    permit 10.129.124.1
    ip access-list standard acl4-nexthop-vlan2
    permit 10.129.124.33
    route-map nat2 permit 10
    match ip address 102
    match ip next-hop acl4-nexthop-vlan2
    match interface Vlan2
    route-map nat1 permit 10
    match ip address 101
    match ip next-hop acl4-nexthop-vlan1
    match interface Vlan1
    control-plane
    Of course, there is some configuration pending for redundancy and stuff.
    Thanks a lot in advance.
    [1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

    Hello.
    This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
    To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
    PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".

  • Can I use Mackeeper to remove duplicate address book entries?

    On my MacBook using OS 10.7.2 and iTunes 10.5.1, after syncing with iPad2 and iPod Touch I now have 3 and 4 copies of most Address Book entries ON MY MAC BOOK. Can I use Mackeeper to remove duplicates? No option to remove duplicates ever appeared during the sync process.

    I suggest if you have MacKeeper install, that your first move be to uninstall it.
    Here is a script to find duplicates in addressbook
    http://hints.macworld.com/article.php?story=20060322202753429
    Allan

  • How to get rid of duplicate addresses all over the place?

    Duplicate addresses appears all over the places: on my mac (in the mail program) and in my ios devices.
    I suspect that it occurs during some synchronisation activities but how to get rid of this once and for all?
    Thanks for your help. It helps also if some tell me that I am not alone in that kind of trouble

    iCloud- Resolving duplicate Contacts after setting up iCloud Contacts

  • NAT and Routed Network with Two ISP's on one router

    I'm sure this has been done covered many times, but I am not finding it.
    I have two ISP connections.
    With ISP-A I have a /30 between us and 200.100.100.0/24 is routed to me via the /30 for thsi example we will say the /30 is 1.1.1.1 on isp end and 1.1.1.2 on my end
    With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
    On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
    I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
    Everything on 192.168.100.x should use NAT and go out ISP-B
    I have tried
    ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
    route-map ISP-B permit 10
     match ip address 101
     match interface GigabitEthernet0/1
     set ip next-hop 100.0.0.1
    route-map ISP-A permit 10
     match ip address 111
     match interface Multilink1
     set ip next-hop 1.1.1.1
    The problem comes when I have default routes to ISP-A in the router than none of the ISP-B traffic works, and vice versa.

    I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
    If you can use BGP, this link will help you in load shearing between multiple ISPs when you have one router.
    http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
    HTH

Maybe you are looking for