Hello,

songyh068 · ‎04-25-2017

HI.

I want to ping 10.10.10.10 source 20.20.20.20 at 6500

ASA is natting source ip 20.20.20.20 -> 100.100.100.100

first of all, only think VRF1/BD1

how I should config static for 100.100.100.100

at external EPG N3K-1, static next-hop is 192.168.1.6 for 100.100.100.100 ?

at external EPG ASA_OUT, static next-hop is 192.168.1.5 for 100.100.100.100 ?

if not above

how to config static for 100.100.100.100??

please give me advise and reference

thank you

Joseph Young · ‎04-25-2017

If you are doing static routes then...

1. configure a static route on 'ASA_OUT' for the natted address that points to a next hop of 192.168.1.5.

2. Under 'ASA_OUT' configure a network that matches the static route and set the 'export route-control subnet' and 'External Subnets for the External EPG' flags.

3. Under 'N3k-1' configure an external network that matches the static route and check the 'export route-control subnet' and 'External Subnets for the External EPG' flags.

4. Create a contract relationship between the networks that you created in the two l3outs.

5. On the external 7600 either configure a static route for the natted address pointing back to the fabric or if you are using a dynamic protocol 'export route-control subnet' ensures that the static route is redistributed into that external protocol.

This the guide that talks about transit routing:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Transit_Routing.html#concept_E5F609A03201452D814880F26A7547CA

I bet there's some good youtube videos out there too if you get stuck.

songyh068 · ‎04-25-2017

HI

thank you for answer, I will try to config your answer

but, I am not good at english and ACI....,

so I need to check if my interpretation is correct or not

1. configure a static route on 'ASA_OUT' for the natted address that points to a next hop of 192.168.1.5.

-> I guess I need to config 100.100.100.100/32 192.168.1.5

2. Under 'ASA_OUT' configure a network that matches the static route and set the 'export route-control subnet' and 'External Subnets for the External EPG' flags

-> I guess I need to config 100.100.100.100 as export route-control subnet and external subnets for the external EPG

3. Under 'N3k-1' configure an external network that matches the static route and check the 'export route-control subnet' and 'External Subnets for the External EPG' flags.

-> I will config static route 10.10.10.10/32 points to a next hop of 192.168.1.1.under N3K-1

you mean I need to set 10.10.10.10/32 as 'export route-control subnet' and 'External Subnets for the External EPG' flags.???

thank you

Joseph Young · ‎04-27-2017

Hello,

You are mostly correct. The main thing to consider is that you should configure your static routes underneath the l3out that has the next hop that the static route is pointing to. Then, you would configure 'export route control subnet' for the matching network under the same l3out. You would also configure an identical network with 'export route control subnet' for any other l3outs that you want to advertise that route. The only other thing that is required is a contract between the l3outs.

Joe

static for ASA service graph