
BGP, Ip Public, Ip Private With ASR1001-x

RDjack
Level 1

Sorry if my language is bad.

I have a problem with the settings on a Cisco ASR 1001-X.

I have 2 BGP IPs, Global & Domestic.

Example:

- BGP Global = 172.16.10.182 / 30

- BGP Domestic = 172.16.10.186 / 30

- Ip Public = 192.16.10.1 / 24

- Ip Private = 192.168.11.1 / 24

 

Scheme:

Internet

    []

    [] (BGP)

    []

  ASR

    []

    []

    [] [] [] Bandwidth Management (192.16.10.19 / 24)

    []         ip private 192.168.11.1 / 24

    []

c3850

 

Up to the ASR, ping to the BGP gateways 172.16.10.181 & 172.16.10.185 succeeds, ping to google.com succeeds, and ping to the private IP succeeds.

From a private-IP client, the c3850, or the Management Bandwidth device, ping to the ASR at 172.16.10.182, 172.16.10.186 and 192.16.10.1 succeeds with no problem.

But from a private-IP client, the c3850, or the Management Bandwidth device, ping to the BGP neighbors 172.16.10.181 and 172.16.10.185 and ping to google.com do not succeed.

Are there any configuration errors, or is something missing from my configuration?

 

I have 2 BGP IPs for the global & domestic connections, and my public IP is a /24. I think if I set the 2 BGP IPs as NAT outside,

should the public IP be ip nat inside or ip nat outside?

 

Please correct me.

Thanks

 

My configuration:

!

interface Loopback0

 no ip address

!

interface TenGigabitEthernet0/0/0

 no ip address

 shutdown

!

interface TenGigabitEthernet0/0/1

 no ip address

 shutdown

!

interface GigabitEthernet0/0/0

 description BGP Global

 ip address 172.16.10.186 255.255.255.252

 ip nat outside

 negotiation auto

 ip virtual-reassembly

!         

interface GigabitEthernet0/0/1

 no ip address

 negotiation auto

!

interface GigabitEthernet0/0/1.10

 description PUBLIC

 encapsulation dot1Q 10

 ip address 192.16.10.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface GigabitEthernet0/0/2

 description BGP Domestik

 ip address 172.16.10.182 255.255.255.252

 ip nat outside

 negotiation auto

 ip virtual-reassembly

!

router ospf 1

 network 192.16.10.0 0.0.0.255 area 9

 network 172.16.10.180 0.0.0.3 area 9

 network 172.16.10.184 0.0.0.3 area 9

 network 192.168.11.0 0.0.0.255 area 9

!

router bgp 54321

 bgp log-neighbor-changes

 network 192.16.10.0

 network 172.16.10.180 mask 255.255.255.252

 network 172.16.10.184 mask 255.255.255.252

 neighbor 172.16.10.181 remote-as 4432

 neighbor 172.16.10.185 remote-as 4432

!

ip nat inside source list 1 interface GigabitEthernet0/0/1.10 overload

ip forward-protocol nd

!

ip http server

ip http authentication local

ip tftp source-interface GigabitEthernet0

ip route profile

ip route 192.16.10.0 255.255.255.0 192.16.10.19

ip route 192.16.11.0 255.255.255.0 192.16.10.19

!

ip access-list extended Port_Block

 deny   tcp any any eq msrpc

 deny   tcp any any eq 136

 deny   tcp any any eq 137

 deny   tcp any any eq 138

 deny   tcp any any eq 139

 deny   udp any any eq 135

 deny   udp any any eq 136

 deny   udp any any eq netbios-ns

 deny   udp any any eq netbios-dgm

 deny   udp any any eq netbios-ss

 deny   udp any any eq 445

 deny   tcp any any eq 445

 deny   tcp any any eq 593

 deny   tcp any any eq 4444

 deny   tcp any any eq 4000

 deny   tcp any any eq 995

 deny   tcp any any eq 996

 deny   tcp any any eq 997

 deny   tcp any any eq 998

 deny   tcp any any eq 999

 deny   tcp any any eq 8998

 deny   tcp any any eq 2745

 deny   tcp any any eq 4751

 deny   tcp any any eq 1434

!

access-list 1 permit 192.16.10.0 0.0.0.254

!

!

!

ipv6 access-list preauth_v6

 permit udp any any eq domain

 permit tcp any any eq domain

 permit icmp any any nd-ns

 permit icmp any any nd-na

 permit icmp any any router-solicitation

 permit icmp any any router-advertisement

 permit icmp any any redirect

 permit udp any eq 547 any eq 546

 permit udp any eq 546 any eq 547

 deny ipv6 any any

!         

control-plane

!

 !

 !

 !

 !

!

!

!

!

!

line con 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 login

!

 

4 Replies

Hello,

 

your NAT statement specifies the wrong outgoing interface:

 

ip nat inside source list 1 interface GigabitEthernet0/0/1.10 overload

 

GigabitEthernet0/0/1.10 is the NAT inside interface. You need to specify a NAT outside interface:

 

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

 

or

 

ip nat inside source list 1 interface GigabitEthernet0/0/2 overload
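
Added example (not part of the original reply or of the poster's configuration): a small Python check for the mistake the reply above points out, a PAT rule whose interface argument is not marked ip nat outside. SAMPLE_CONFIG is a constructed excerpt of the posted configuration and the function names are hypothetical; acl_permits goes beyond the reply by applying IOS wildcard-mask matching to the NAT access list (permit entries only).

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip nat outside
interface GigabitEthernet0/0/1.10
 ip nat inside
interface GigabitEthernet0/0/2
 ip nat outside
ip nat inside source list 1 interface GigabitEthernet0/0/1.10 overload
access-list 1 permit 192.16.10.0 0.0.0.254
"""

def nat_roles(config):
    """Map each interface name to its NAT role ('inside', 'outside' or None)."""
    roles, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            roles[current] = None
        elif current and (m := re.match(r"\s+ip nat (inside|outside)\s*$", line)):
            roles[current] = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the interface sub-mode
    return roles

def overload_findings(config):
    """Return (acl, interface, role) for PAT rules not bound to an outside interface."""
    roles = nat_roles(config)
    pat = r"ip nat inside source list (\S+) interface (\S+) overload"
    return [(acl, ifname, roles.get(ifname))
            for acl, ifname in re.findall(pat, config)
            if roles.get(ifname) != "outside"]

def acl_permits(config, acl, src):
    """Standard-ACL match: bits that are 0 in the wildcard mask must be equal."""
    ip = int(ipaddress.IPv4Address(src))
    pat = rf"^access-list {re.escape(acl)} permit (\S+) (\S+)$"
    for base, wild in re.findall(pat, config, re.M):
        care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
        if ip & care == int(ipaddress.IPv4Address(base)) & care:
            return True
    return False  # implicit deny at the end of every ACL

if __name__ == "__main__":
    print(overload_findings(SAMPLE_CONFIG))
```

Run against the excerpt, overload_findings reports the rule bound to GigabitEthernet0/0/1.10, and acl_permits shows which source addresses access-list 1 would select for translation.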

 

Is just one of these enough?
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
or
ip nat inside source list 1 interface GigabitEthernet0/0/2 overload

I ask because my ISP gave me an IP BGP Global, an IP BGP Domestic, and a Public IP.

When browsing, I want the IP that is detected to be my public IP 192.16.10.19.

Hello,

 

sorry for the misunderstanding, I cannot figure out what you are trying to accomplish. Post in your native language (French/Spanish/whatever), we can translate...

Sorry for my ambiguous language.
From ISP A, I get:
- ip BGP Global = 172.16.10.180 / 30
- ip BGP Domestic = 172.16.10.184 / 30
- ip Public (AS Number) id Nic = 192.16.10.0 / 24

My office will use the ASR 1001 as the main router.

scheme:

== Internet (ISP) ==

       []     (Global BGP + domestic BGP + AS Number)

       []      - ip BGP Global = 172.16.10.181 / 30

       []         (neighbor 172.16.10.181 remote-as 4432)

       []      - ip BGP Domestic = 172.16.10.185 / 30  

       []         (neighbor 172.16.10.181 remote-as 4432)

       []      - router bgp 54321

       []

== ASR == - ip BGP Global = 172.16.10.182 / 30

       []         - ip BGP Domestic = 172.16.10.186 / 30

       []         - ip Public (AS Number) id Nic = 192.16.10.1 / 24

       []

       [] [] []  == Bandwidth Management == (192.16.10.19 / 24)

       []              ip private 192.168.11.1 / 24

       []

       []

== c3850 == (ip private 192.168.11.2 / 24)

 

- From the ASR, ping to the BGP gateways 172.16.10.181 & 172.16.10.185 succeeds, ping to google.com succeeds, and ping to the private IP 192.168.11.2 succeeds.

- From a private-IP client, the c3850, or the Management Bandwidth device, ping to the ASR at 172.16.10.182, 172.16.10.186 or 192.16.10.1 succeeds with no problem.

- But from a private-IP client, the c3850, or the Management Bandwidth device, ping to 172.16.10.181 or 172.16.10.185, or ping to google.com, does not succeed.

 

Are there any configuration errors, or is something missing from my configuration?

 

Please correct me.

Thanks

 

My configuration:

!

interface Loopback0

 no ip address

!

interface TenGigabitEthernet0/0/0

 no ip address

 shutdown

!

interface TenGigabitEthernet0/0/1

 no ip address

 shutdown

!

interface GigabitEthernet0/0/0

 description BGP Global

 ip address 172.16.10.186 255.255.255.252

 ip nat outside

 negotiation auto

 ip virtual-reassembly

!         

interface GigabitEthernet0/0/1

 no ip address

 negotiation auto

!

interface GigabitEthernet0/0/1.10

 description PUBLIC

 encapsulation dot1Q 10

 ip address 192.16.10.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface GigabitEthernet0/0/2

 description BGP Domestik

 ip address 172.16.10.182 255.255.255.252

 ip nat outside

 negotiation auto

 ip virtual-reassembly

!

router ospf 1

 network 192.16.10.0 0.0.0.255 area 9

 network 172.16.10.180 0.0.0.3 area 9

 network 172.16.10.184 0.0.0.3 area 9

 network 192.168.11.0 0.0.0.255 area 9

!

router bgp 54321

 bgp log-neighbor-changes

 network 192.16.10.0

 network 172.16.10.180 mask 255.255.255.252

 network 172.16.10.184 mask 255.255.255.252

 neighbor 172.16.10.181 remote-as 4432

 neighbor 172.16.10.185 remote-as 4432

!

ip nat inside source list 1 interface GigabitEthernet0/0/1.10 overload

ip forward-protocol nd

!

ip http server

ip http authentication local

ip tftp source-interface GigabitEthernet0

ip route profile

ip route 192.16.10.0 255.255.255.0 192.16.10.19

ip route 192.16.11.0 255.255.255.0 192.16.10.19

!

ip access-list extended Port_Block

 deny   tcp any any eq msrpc

 deny   tcp any any eq 136

 deny   tcp any any eq 137

 deny   tcp any any eq 138

 deny   tcp any any eq 139

 deny   udp any any eq 135

 deny   udp any any eq 136

 deny   udp any any eq netbios-ns

 deny   udp any any eq netbios-dgm

 deny   udp any any eq netbios-ss

 deny   udp any any eq 445

 deny   tcp any any eq 445

 deny   tcp any any eq 593

 deny   tcp any any eq 4444

 deny   tcp any any eq 4000

 deny   tcp any any eq 995

 deny   tcp any any eq 996

 deny   tcp any any eq 997

 deny   tcp any any eq 998

 deny   tcp any any eq 999

 deny   tcp any any eq 8998

 deny   tcp any any eq 2745

 deny   tcp any any eq 4751

 deny   tcp any any eq 1434

!

access-list 1 permit 192.16.10.0 0.0.0.254

!

!

!

ipv6 access-list preauth_v6

 permit udp any any eq domain

 permit tcp any any eq domain

 permit icmp any any nd-ns

 permit icmp any any nd-na

 permit icmp any any router-solicitation

 permit icmp any any router-advertisement

 permit icmp any any redirect

 permit udp any eq 547 any eq 546

 permit udp any eq 546 any eq 547

 deny ipv6 any any

!         

control-plane

!

 !

 !

 !

 !

!

!

!

!

!

line con 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 login

!