cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1317
Views
10
Helpful
26
Replies

ASR1001X NAT translation don't work via BGP connection

Hey there!

Please, help to resolve my issuse after first configuring bgp connection

don't work nat translation what matter what i do

!Debugin ip nat access-list 1 

did't show anything 

26 Replies 26

Hello

Right 212.110.1.0/24 - pool of public ip

LAN - required access to internet
1 way - static nat to privat addresses from public 
or
2 way assign on devices static public ip and have access to internet


@valentyn-lytvynov  @MHM Cisco World 

So based on your diagram , you only have a single wan interface and two internal lan subnets, so im not sure why you are Policy base routing and having loopback interfaces with public ip addressing?

It suggests you just need to create some simple nat rules and you should be good, that last file (333.txt) makes no sense based on your topology ?




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

do you see any interface other than LO have Public IP 212.110.10.0 ?
he use private IP to connect two router (1.1.1.1) and he need to NAT his client into public IP. 
so he need LO and he need PBR to direct traffic into LO 

@valentyn-lytvynov I will run lab and share with the code and how you can check it

MHM

Public addresses on L0

valentynlytvynov_0-1719315348344.png

 

so in end @paul driver  was correct and you dont answer his first comment correctly 
the WAN use public IP not 1.1.1.1 (as you post and as you answer mr @paul driver ) this change all thing 
ISP2 as secondary of WAN interface to ISP1 ?
what you want here ?
I think you far away what you need here 
what you need here is dual ISP and NAT with route-map only 
http://www.bscottrandall.com/9.5.3

I think you receive default route from both ISP?

MHM

I have BGP connection from two dieferent ISP for now setuping just 1st, on examples what I seen one configured Public ip's on loopback other no, which is best practice ?

L0 - for ISP1 and ISP2 secondary addresses                                                                                                                              and Public ip's assign on G0/0/0                                                                                                                                              LAN ip's to Loopback 2 - 3

or

ISP1 address and ISP2 secondary ip's assign on G0/0/0  and G0/0/1                                                                                          Public on Loopback0 and Lan on L0 or Loopback1-2 (need to be accessible from several interfaces)         

Thanks!                                                                                                                                  

Hello
You would have two separate physical interfaces when connecting to two differing ISP circuits and BGP ASNs


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Got it,

Do you mean 1 interface for ISP 1 for ISP2 and one for assign Public ip?

I haven't connection to access switch only servers direct connected

Thanks!

Hello
In most cases the public ip addressing is supplied by the ISP you are connecting to, so based on your topology you will have different public subnets which you can NAT towards (if need be) however you show BGP , so the next question is -
Are you really running bgp or do you have just dual internet ISP connections you want to NAT on to allow internet access


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Really BGP - get 0.0.0.0 (MHM are right) and advertase Public subnet 212.110.141.0/24

Before I encrypted real addresing!

Now, I reconfiguring all ip's on dieferent physiacall interfaces

but, still can't ping client from router, LAN gateways pinged

Hello
So im still not sure you require bgp or not, its suggest you do not if you are swapping interfaces on the fly?
Can you post your current cfg please (in a file) 

Im thinking you have two internet paths (now on two physical interfaces) and two lan interfaces, and your requirement is to use both of these wan connections at the same time( dual wan active/active) so to provide internet access for you lan1/lan2 hosts


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Paul, have a good Day!

This configuration works, but DNS does not work correctly, names are not resolved, I can ping any IP address, but not names from clients pc, from router pinged any domain names.

I disabled dhcp, dns server and domain-lookup on the router but no worked!

valentynlytvynov_0-1719404390900.png 

valentynlytvynov_1-1719404504839.png

 

 

 

Hi Guy's

Very grateful to you!

But there is one more thing, what method can be used to add several interfaces in one group instead of Vlan on router, BDI is good way or VRF or other?

 

Thanks!

Review Cisco Networking for a $25 gift card