05-29-2009 01:00 PM
Basically what I'm trying to do is NAT our CE router's IP address to a public IP in order to provide internet access to them. The only thing special is that this is on a PE router terminating customer connections with MPLS VRFs. I need to translate to a secondary IP (public) on the ethernet interface which is why I have a pool with a single IP instead of an interface. Here is the relevant configuration.
interface Loopback1
 ip nat inside
interface GigabitEthernet0/3
 ip nat outside
ip nat pool VRF_NAT x.x.x.x x.x.x.x netmask 255.255.255.252
ip nat inside source route-map VRF_RM pool VRF_NAT vrf GCF01 overload
!
access-list 151 deny ip 177.177.176.0 0.0.0.3 10.0.4.0 0.0.0.255
access-list 151 deny ip 177.177.176.0 0.0.0.3 10.0.5.0 0.0.0.255
access-list 151 permit ip 177.177.176.0 0.0.0.3 any
!
route-map VRF_RM permit 10
 match ip address 151
(x.x.x.x) is a single public IP address assigned as a secondary IP on the gi0/3 interface
With this configuration nothing matches the route map and no translations occur. When I change the ip nat inside source command to point to the loopback interface instead of the pool, I get some translations, but it is not translating IPs of the CE router. The CE router interface is 177.177.176.2 and I need that IP translated out of the VRF to the public IP. Any help would be appreciated. Thanks
-Johnny Schultz
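Added example, not part of the original post and not Cisco code: a small Python model of how extended ACL 151 from the post above is evaluated (first match wins, wildcard bits are "don't care", implicit deny at the end), and therefore which packets route-map VRF_RM would select for NAT. The destination address 192.0.2.10 and the out-of-range source 177.177.176.5 are constructed test values.

```python
import ipaddress

# ACL 151 as posted: (action, source, source wildcard, destination, destination wildcard)
ACL_151 = [
    ("deny",   "177.177.176.0", "0.0.0.3", "10.0.4.0", "0.0.0.255"),
    ("deny",   "177.177.176.0", "0.0.0.3", "10.0.5.0", "0.0.0.255"),
    ("permit", "177.177.176.0", "0.0.0.3", "any",      None),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    if base == "any":
        return True
    care = ~_to_int(wildcard) & 0xFFFFFFFF  # invert: 1 = bit must match
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src, dst):
    """Return (action, entry) for the first matching entry (1-based).
    Entry 0 means no entry matched and the implicit deny applied."""
    for n, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, n
    return "deny", 0

def route_map_selects(acl, src, dst):
    """A 'route-map ... permit' clause with 'match ip address <acl>'
    selects a packet only when the ACL result is permit."""
    return evaluate(acl, src, dst)[0] == "permit"

if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    samples = [
        ("177.177.176.2", "192.0.2.10"),   # CE router to an outside host
        ("177.177.176.2", "10.0.4.254"),   # CE router to the 10.0.4.0/24 range
        ("177.177.176.2", "10.0.5.1"),     # CE router to the 10.0.5.0/24 range
        ("177.177.176.5", "192.0.2.10"),   # source outside the /30
    ]
    for src, dst in samples:
        action, entry = evaluate(ACL_151, src, dst)
        print(f"{src} -> {dst}: {action} (entry {entry}), "
              f"NAT candidate: {route_map_selects(ACL_151, src, dst)}")
```

Running the same packets through the model and through `show access-lists 151` hit counters on the router helps separate an ACL logic problem from packets never reaching NAT evaluation at all.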
06-01-2009 04:37 AM
Hi Johnny,
Can you please follow the configuration as per the documentation.
Also send us the
a. show ip nat translation
b. show ip route for vrf_rm
Please copy sanjeewa@cisco.com as I don't follow this mailer often.
06-01-2009 10:58 AM
Sanjeewa,
I will review the documentation you suggested and then apply that to my config. The show ip nat translation is empty, I was not able to get any packets to match the route map. The name of the VRF that I am working with is GCF01, and the name of the route map used to match packets for the nat statement is VRF_RM. Here is the output of the commands you requested:
lax_router7206_2#sh ip nat trans
lax_router7206_2#sh ip route vrf GCF01
Routing Table: GCF01
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.0.4.254 to network 0.0.0.0
66.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 66.x.x.x/26 [1/0] via 10.0.5.1
S 66.x.x.x/27 [1/0] via 10.0.5.1
S 66.x.x.x/27 [1/0] via 10.0.5.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.0.4.0/24 [1/0] via 10.0.4.254
C 10.5.0.0/30 is directly connected, Loopback1
177.177.0.0/30 is subnetted, 1 subnets
B 177.177.176.0 [20/0] via 177.177.177.1, 2d17h
S* 0.0.0.0/0 [1/0] via 10.0.4.254
lax_router7206_2#
Thank you very much for your reply and your assistance.
Johnny Schultz
06-01-2009 11:01 AM
Sanjeewa,
After reviewing the document you suggested, I have changed the configuration to the following. The netpro forum does not appear to be working because I can't post a reply there. I have included the relevant configuration:
interface Loopback1
 ip vrf forwarding GCF01
 ip address 10.5.0.1 255.255.255.252
interface GigabitEthernet0/3
 ip address 66.x.x.x 255.255.255.0 secondary
 ip address 10.0.5.17 255.255.255.0
 ip policy route-map VRF
ip route vrf GCF01 0.0.0.0 0.0.0.0 GigabitEthernet0/3 10.0.4.254
ip nat pool VRF_NAT 66.x.x.x 66.x.x.x netmask 255.255.255.0
ip nat inside source list 1 pool VRF_NAT vrf GCF01 overload
access-list 1 permit 177.177.176.0 0.0.0.3
lax_router7206_2#sh ip nat trans
lax_router7206_2#sh ip nat trans vrf GCF01
lax_router7206_2#sh ip route vrf GCF01
Routing Table: GCF01
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.0.4.254 to network 0.0.0.0
66.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 66.x.x.x/26 [1/0] via 10.0.5.1
S 66.x.x.x/27 [1/0] via 10.0.5.1
S 66.x.x.x/27 [1/0] via 10.0.5.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.0.4.0/24 [1/0] via 10.0.4.254
C 10.5.0.0/30 is directly connected, Loopback1
177.177.0.0/30 is subnetted, 1 subnets
B 177.177.176.0 [20/0] via 177.177.177.1, 2d19h
S* 0.0.0.0/0 [1/0] via 10.0.4.254, GigabitEthernet0/3
lax_router7206_2#
I'm generating traffic from the CE router at 177.177.176.2 and nothing appears to match the ACL so nothing gets translated. Do I need the "ip nat inside" and "ip nat outside" commands? Can you tell me what I'm missing? Thank you.
Johnny Schultz
09-12-2019 01:07 AM
If you are using a router, then try to obtain an IP and reconfigure it once again and try. I was also trying the same and I have figured out it to be a configuration issue of the router, so if you are using a Netgear router you can resolve the NetGear Router Configuration Issue in order to fix this.