nternet facing router is having a bgp peering with the ISP. When we do a static nat for one of the LAN IP and overload it with outside interface the BGP session is becoming active.
I have shared the configuration and sh ver along with this
Can you show your config?
I would like to test this case. Can you share the following outputs, my e-mail id is email@example.com -
show ip bgp summary
show ip bgp neighbors
debug ip bgp
debug ip nat detailed
And the NAT Configuration that you apply on the router?
interface GigabitEthernet0/0/1(connected to ISP)
ip nat outside
int GigabitEthernet0/0/0 (connected to LAN switch)
ip nat inside
ip nat inside source static 188.8.131.52 interface gigabitEthernet 0/0/1
router bgp 133
network 184.108.40.206 mask 255.255.248.0
neighbor 220.127.116.11 remote-as 4755
R1 uptime is 11 weeks, 5 days, 20 hours, 1 minute
Uptime for this control processor is 11 weeks, 5 days, 20 hours, 2 minutes
System returned to ROM by reload
System image file is "bootflash:asr1001-universalk9.03.04.06.S.151-3.S6.bin"
Last reload reason: PowerOn
Can you explain your lan ip addressing, why are you natting on this address range and then advertising it - Is this an ip range you just selected or was it supplied to you?
Is this bgp peering towards your ISP?
I have two question after seeing your configuration
1) If 18.104.22.168/28 is your inside network and your trying to hide to external world by nating to gig interface IP address, then why are you advertising it and to whom your advertising.
2) static nat is one to one nat. if you are nating server/host statically with interface,dont overload with interface it doesn't work.
When you do static nat with interface IP ,whenever there is any request come for router interface IP will redirected to nated IP so that's why services like telnet ,ping will be send to NATed IP address .In your case ,when there is request coming to your physical IP address ,router is looking for nat statement and sending to 22.214.171.124 thats why your BGP neighborship is not working.
There are few sites which allows access to only the IP of the ISP.
The range we are using is not registered in APNIC, but somewhere else in US, hence the access is denied.
We are trying to NAT to provide access to those sites.