ASR1001X - NATing an issue

Hi guys,

Please, I need your opinion on what is wrong in the config: with the static NAT translation there is 1 active translation but no internet access, and if I set list to pool or list to interface Loopback 0 overload, it doesn't actually work for local IP to outbound?

Thanks in advance Dear!

 

----------------------------------------------------

interface Loopback0
 ip address 212.110.141.222 255.255.255.0 secondary
 ip address 212.110.141.200 255.255.255.0
 ip nat outside
!
interface TenGigabitEthernet0/0/0
 no ip address
 shutdown
!
interface TenGigabitEthernet0/0/1
 no ip address
 shutdown
!
interface GigabitEthernet0/0/0
 ip address 217.20.178.57 255.255.255.254
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/4
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/5
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet0/1/0
 ip address 10.200.10.1 255.255.255.0
 ip nat inside
 ip policy route-map LAN-Out
 negotiation auto
!
interface FastEthernet0/1/1
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet0/1/2
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet0/1/3
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet0/1/4
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 100
 !
!
interface FastEthernet0/1/5
 no ip address
 negotiation auto
!
interface FastEthernet0/1/6
 no ip address
 negotiation auto
!
interface FastEthernet0/1/7
 no ip address
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address dhcp
 negotiation auto
!
interface BDI100
 ip address 172.16.16.200 255.255.255.0
 ip nat inside
!
router bgp 214776
 bgp log-neighbor-changes
 neighbor 217.20.178.56 remote-as 1820
 !
 address-family ipv4
  network 212.110.141.0
  neighbor 217.20.178.56 activate
  neighbor 217.20.178.56 soft-reconfiguration inbound
  default-information originate
 exit-address-family
!
ip nat log translations syslog
ip nat inside source static network 10.0.0.0 212.110.141.200 /32
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip dns name-list 1 permit I.UA
ip dns server
ip route profile
ip ssh version 1
!
ip access-list standard LAN
 permit 10.0.0.0 0.0.255.255 log
!
access-list 10 permit 93.127.126.160 log
!
route-map LAN-Out permit 10
 match ip address LAN
 set ip next-hop 212.110.141.200
!
!
!

7 Replies

Hello,
We see a single WAN interface with an assigned public IP address that doesn't have any NAT applied, a loopback interface with /24 public primary/secondary addressing with NAT applied, of which the secondary isn't being used or called upon, a policy-based route rule set to the loopback for traffic destined for an external host, and lastly a NAT network statement to overload LAN traffic on the loopback primary IP?

Not sure I understand your configuration and what you're trying to achieve; maybe you can elaborate a little, please?
Also see attached for a possible NAT alternative. The assumption is that 212.110.141.0/24 is reachable to your rtr externally and you only have a single WAN interface.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Working for me with your addition 66666.txt, thank you! But

The goal is to have the router ID as the first hop, due to using an ASN with public IPs. ISP IP address 217.20.178.56 (for now!)

And can I use Loopback 0 for public IPs and have it as the NAT translation IP, with the ISP configured on g0/0/0? I know that the best practice is a /32 mask on the Loopback int; I need it for access to the gateway via any int for a srv-machine that was set up with a static IP from the public pool. Hope it's helpful.


 

Thanks!

 

You use the public IP of one ISP (via NATing) and forward traffic using a different ISP.
The thing you are missing here: does the second ISP know the IP from the first one? That will not work.
You need to get a public IP from the ISP that knows these IPs and forward traffic to it.
MHM

Hi,

A little clarification: g0/0/0 is the only ISP; the Loopback only has public addresses assigned from the ASN pool; no other ISP for now.

Hello
You can use ANY public IP as long as it's registered to you and it is being advertised either by yourself or the ISP, so reachable externally towards your rtr. You do not even need it to be applied to any interface to call upon it within NAT.

With regard to the last part of your requirement, I still do not understand what it is you wish to do. Is it possibly that you wish to access an internal host/srv from the other LAN hosts via its public translated IP address?



Kind Regards
Paul
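
A sketch of what the reply above describes, as an added example (it is not the 66666.txt attachment from this thread and not any participant's config): the translated address comes from a NAT pool and is configured on no interface. Addresses, AS numbers and interface names are taken from the posted config; the pool name PUBLIC, the ACL name NAT-INSIDE and the Null0 anchor route are assumptions, as is the ISP routing 212.110.141.0/24 to this router.

```cisco
! Added example, not from the thread.
interface GigabitEthernet0/0/0
 ip address 217.20.178.57 255.255.255.254
 ! NAT outside sits on the WAN link, where translated traffic leaves
 ip nat outside
!
interface FastEthernet0/1/0
 ip address 10.200.10.1 255.255.255.0
 ! No policy route-map here: PBR toward the router's own address is not used
 ip nat inside
!
interface BDI100
 ip address 172.16.16.200 255.255.255.0
 ip nat inside
!
! Match the inside subnets as they are configured on the interfaces.
! (10.0.0.0 0.0.255.255 covers only 10.0.0.0/16, not 10.200.10.0/24.)
ip access-list standard NAT-INSIDE
 permit 10.200.10.0 0.0.0.255
 permit 172.16.16.0 0.0.0.255
!
! The pool address is not applied to any interface (PUBLIC is an assumed name)
ip nat pool PUBLIC 212.110.141.200 212.110.141.200 prefix-length 24
ip nat inside source list NAT-INSIDE pool PUBLIC overload
!
! Assumption: a static Null0 route keeps the /24 in the routing table so
! the BGP network statement can originate it without the Loopback0 /24.
ip route 212.110.141.0 255.255.255.0 Null0
!
router bgp 214776
 neighbor 217.20.178.56 remote-as 1820
 address-family ipv4
  network 212.110.141.0 mask 255.255.255.0
  neighbor 217.20.178.56 activate
```

With inside hosts sending traffic, `show ip nat translations` should list inside local addresses from 10.200.10.0/24 or 172.16.16.0/24 mapped to 212.110.141.200.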

Yeah, got it; the routing is fine for now.

Just one need: in this case the network is identified as the ISP network instead of my own ASN with public IP. How can I resolve it by changing it properly?


 

Hello


@valentyn-lytvynov wrote:
Just one need: in this case the network is identified as the ISP network instead of my own ASN with public IP. How can I resolve it by changing it properly?


That would be correct; that would be DNS registered most probably by your ISP (in snapshot), unless, that is, you have control of the namespace?




Kind Regards
Paul