01-07-2007 06:22 PM - edited 03-03-2019 03:16 PM
i have 2 router in 2 offices(A and B) connecting to MPLS link. we did not run any routing protocol with ISP only static route. Since ISP didnot install the route of our LAN network, so We cannot ping from A to B from LAN to LAN, while from WAN to WAN can reach since they are ISP Ip address. i like to implement NAT, after completation, I am able to ping from A to B, but not from B to A. I have post my network diagram and my configuration. Please help me to look at it.
01-07-2007 08:51 PM
Hi Shibindong
If you are connected to a MPLS network provided by your SP then you dont need to do any kinda NAT config on your router end.
The ISP is required to have the reverse route to your local lan pointing your VRF created on the SP's PE which will be propagated either through direct MP-BGP session or through RR configured MP-BGP sessions.
The above said will have to be there in SP environment and you need to stress up your point of having the connectivity between your locations so that they can enable the same..
regds
01-07-2007 08:53 PM
Hi,
Can you check the access-list used for NAT'ing in the both the routers.
From the config posted, it appears that at the both routers ( A & B) you are having the same ACL.
Router A.
ip access-list standard suntec
permit 192.168.2.0 0.0.0.255
Router B.
ip access-list standard voicenat
permit 192.168.2.0 0.0.0.255
This should be corrected in Router A as follows
Router A ( corrected)
ip access-list standard suntec
permit 192.168.1.0 0.0.0.255
Hope this helps
-VJ
01-07-2007 08:56 PM
Hi,
I agree with the previous Netpro's comments.
Kindly check with your service provider to do the proper routing for the private ip addresses at both locations. This would be the correct approach.
-VJ
01-07-2007 10:25 PM
Functionally, your solution should work. But I agreed w/ Edwin that you really no need to implement NAT if it is MPLS enabled. However, you have to let your SP to know your LAN side address then they should add it in the VRF routing table.
Also agreed w/ VJ that your access-list is incorrect configured. I believe it is a typo...
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide