cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
459
Views
0
Helpful
7
Replies

ASR subnet not NAT processed

I have two ASR 901 routers who can't seem to get  out to the internet sourcing an EVC SVI which should be the inside NAT  network.

======================================================

NAT ROUTER:

======================================================

interface FastEthernet0/0.120

encapsulation dot1Q 120

ip address dhcp

ip nat outside

ip virtual-reassembly in

interface FastEthernet0/0.200

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip nat inside source list 1 interface FastEthernet0/0.120 overload

Standard IP access list 1

    10 permit any log (6 matches)

======================================================

ASR:

======================================================

interface GigabitEthernet0/1

negotiation auto

synchronous mode

cdp enable

synce state slave

!

service instance 2 ethernet

  encapsulation dot1q 4000

  rewrite ingress tag pop 1 symmetric

  bridge-domain 4000

!

service instance 3 ethernet

  encapsulation dot1q 200

  rewrite ingress tag pop 1 symmetric

  bridge-domain 200

interface Vlan200

ip address 192.168.200.3 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.200.1

ip route vrf MGMT 0.0.0.0 0.0.0.0 10.4.1.1

======================================================

There is a ME3400 in between the ASR and NAT router

I've checked that the VLAN is included on trunk and exists on switch.

Can ping 192.168.200.1 from both ASR

Any ideas what is happening here? Have I configured EVC wrong?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Guru

Re: ASR subnet not NAT processed

Buy you can ping from the ASR to the fa0/0.200 IP ?

If so can you temporarily change your NAT acl to be -

access-list 101 permit ip 192.168.200.0 0.0.0.255 any

and then redo the NAT statement to use that acl and retest.

It probably won't make a difference but i have seen it work in a few instances.

Jon

View solution in original post

7 REPLIES 7
Hall of Fame Guru

ASR subnet not NAT processed

Haven't used EVCs so i may be of limited help but what does "sh ip nat translations" show on the NAT router ?

Jon

ASR subnet not NAT processed

Hi Jon

Posted in service provider forum, but this is a tricky one because it is hard to be sure if this is NAT, EVC, or something else!

Here is the output after ping

NAT-ROUTER#sh ip nat translations                 

Pro    Inside global              Inside local               Outside local            Outside global

icmp 207.191.158.141:5    192.168.200.1:5       208.67.220.220:5      208.67.220.220:5

Hall of Fame Guru

ASR subnet not NAT processed

Not sure i understand the NAT output ie.

the inside local is the IP assigned to the NAT router but i would have expected that to be an IP coming from the ASR ?

Jon

Highlighted

ASR subnet not NAT processed

Ah, that was after pinging on the NAT router itself. Pinging from the ASR yields no additional entries. Furthermore, "debug ip NAT" on the NAT router, then ping to the internet on the ASR - seems there is no activity.

Hall of Fame Guru

Re: ASR subnet not NAT processed

Buy you can ping from the ASR to the fa0/0.200 IP ?

If so can you temporarily change your NAT acl to be -

access-list 101 permit ip 192.168.200.0 0.0.0.255 any

and then redo the NAT statement to use that acl and retest.

It probably won't make a difference but i have seen it work in a few instances.

Jon

View solution in original post

ASR subnet not NAT processed

Thanks Jon you saved me a lot of headache for today. Slight change on the ACL and it all works fine!

Hall of Fame Guru

Re: ASR subnet not NAT processed

No problem, glad it worked.

Just for your info i think you could have used a standard acl as well and just specified the source network.

Some people recommend that but i have always use extended acls with NAT and it seems to work fine.

Jon

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards