Hi,
We have a POP with ASR 1002 for BNG and CGNAT.
The problem is with the configuration of cgnat, we can't access the cpe from outside of asr by interface of uplink.
We tried to accept by using an access list, but without success.
Follow the configuration:
interface Port-channel1.1138
encapsulation dot1Q 1138
ip address 10.1.38.5 255.255.255.248
ip nat outside
!
interface Virtual-Template1
mtu 1480
ip unnumbered Loopback0
ip nat inside
ip tcp adjust-mss 1452
peer default ip address pool pool_cisco
ipv6 enable
ipv6 nd ra lifetime 21600
ipv6 nd ra interval 4 3
ipv6 dhcp server dhcpv6
ppp mtu adaptive
ppp authentication pap
ppp ipcp dns 8.8.8.8
ppp ipcp address required
ppp ipcp address unique
ppp timeout authentication 20
!
ip local pool pool_cisco 10.38.0.0 10.38.3.255
ip local pool pool_bloqueado 10.24.0.0 10.24.3.254
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat translation max-entries 247483647
ip nat pool nat_32 x.y.z.0 x.y.z.63 prefix-length 26
ip nat inside source list 1 pool nat_32 overload
ip forward-protocol nd
!
access-list 1 permit 10.38.0.0 0.0.3.255Â
If we take out the setting "ip nat outside" of interface, we can access normally the cpe.