cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
530
Views
0
Helpful
2
Replies

what the process sequence between PRB and NAT

Ivanyu1987
Level 1
Level 1

Dear experts,

Following is the topology

--------------gigabit int 1---CSR1KV----gigabit int 2-----------ec2

Through G1 interface, I have built an ipsec tunnel to other side using VTI configuration.

Under G2 interface, I have added PRB to match specific traffic and set interface tunnel 1 to send to tunnel.

Also I configure nat, g1 is nat inside while g2 is nat outside. I configure ip nat outside source static x.x.x.x x.x.x.x to translate ec2 address.

My requirement is that if ec2 send traffic to the other side, csr1kv should translate the source address first, then doing the tunnel encapsulation.

But while I tcpdump in the other side, I found the source address is not translated.

So I wonder does csr1kv do PBR before NAT in this scenario or not.

Thank you in advance

2 Replies 2

Milos Megis
Level 3
Level 3

Hi,
here you can find table with order of operation if you are doing NAT:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6209-5.html#topic1

Yeah, I'm quite confused because I have read the table before.

It says when packet transfer from nat outside port to nat inside port, csr will do nat first, then PBR.

But in my scenario, I found the nat hasn't translate the packet and PBR works before nat.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: