Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2147
Views
0
Helpful
3
Replies

BGP and NAT on the same router

Go to solution
nabhishek
Level 1
Level 1

‎11-09-2010 09:55 AM - edited ‎03-04-2019 10:24 AM

          Hi

I have a BGP session with the ISP and am receiving the entire routing feed. I also need to turn on NAT on the same router. As soon as I apply "ip nat outside" on the WAN interface and NAT an IP statically with the WAN interface (same as BGP peering IP) the BGP goes down.

I understand that this because the in the IOS order of operation NAT comes before BGP. Can someone help me find a solution where I can do BGP and NAT on the same router?

Regards

Abhi

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to nabhishek

‎11-09-2010 02:53 PM

Hi Jon

I actually need to NAT a pool of private IPs to a pool of public IPs. But for testing, as of now I tried the NATing a single private IP with the WAN IP.

ip nat inside source static tcp 192.168.1.5 gigabitethernet 0/1

I need to know conceptually if the problem is NAT on the same interface/IP as the BGP peering WAN interface/IP and would it get resolved if I use a pool of IPs which are different from the WAN IP.

Yes, that is the problem. You are saying with your NAT statement anything going to the gi0/1 IP address should be natted to 192.168.1.5 and that would cover the BGP port as well.

Like i say you could be more specific with your NAT statements with ports.

However if you have a spare number of public IPs then yes it would make more sense to use these rather than the WAN IP.

Note, if you are simply using the WAN IP to PAT internal IPs then you could probably use it and still form the BGP neighborship but your statement "ip nat inside source ..." is not PAT it is a one-to-one mapping which covers all ports.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-09-2010 11:39 AM

Can you post the NAT statement you are using. For example -

ip nat inside source static 192.168.5.1

would cause this problem. But if you could use ports in the NAT statement ie.

ip nat inside source static tcp 192.168.5.1 80 80

that might solve your issue.

Jon

0 Helpful

Go to solution
nabhishek
Level 1
Level 1
In response to Jon Marshall

‎11-09-2010 02:39 PM

Can you post the NAT statement you are using. For example -

ip nat inside source static 192.168.5.1

would cause this problem. But if you could use ports in the NAT statement ie.

ip nat inside source static tcp 192.168.5.1 80 80

that might solve your issue.

Jon

Hi Jon

I actually need to NAT a pool of private IPs to a pool of public IPs. But for testing, as of now I tried the NATing a single private IP with the WAN IP.

ip nat inside source static tcp 192.168.1.5 gigabitethernet 0/1

I need to know conceptually if the problem is NAT on the same interface/IP as the BGP peering WAN interface/IP and would it get resolved if I use a pool of IPs which are different from the WAN IP.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to nabhishek

‎11-09-2010 02:53 PM

Hi Jon

I actually need to NAT a pool of private IPs to a pool of public IPs. But for testing, as of now I tried the NATing a single private IP with the WAN IP.

ip nat inside source static tcp 192.168.1.5 gigabitethernet 0/1

I need to know conceptually if the problem is NAT on the same interface/IP as the BGP peering WAN interface/IP and would it get resolved if I use a pool of IPs which are different from the WAN IP.

Yes, that is the problem. You are saying with your NAT statement anything going to the gi0/1 IP address should be natted to 192.168.1.5 and that would cover the BGP port as well.

Like i say you could be more specific with your NAT statements with ports.

However if you have a spare number of public IPs then yes it would make more sense to use these rather than the WAN IP.

Note, if you are simply using the WAN IP to PAT internal IPs then you could probably use it and still form the BGP neighborship but your statement "ip nat inside source ..." is not PAT it is a one-to-one mapping which covers all ports.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card