Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
693
Views
0
Helpful
3
Replies

DMVPN EIGRP Based with IPSEC

leroyMe
Level 1
Level 1

‎09-12-2019 10:19 PM

Hi Community,

 

Currently the 3 Routers are managed by us, now customer informed us that they will advertise a LAN Prefix via BGP

12.212.0.0 /16

 

Note: after the Router there are FW facing the other networks cloud 

 

Capture.PNG

 

In which we created an ACL for it

 

 

access-list 110 remark ** LAN PREFIX **
access-list 110 permit ip 12.212.0.0 0.0.255.255 any

 

After that we are able to received routes from the LAN prefix

 

R1#show ip bgp neighbors 10.220.189.112 received-routes | inc 12.212
*> 12.212.0.0/16 10.220.189.112 87 0 131470 ?

 

R1#show ip bgp neighbors 10.245.195.115 received-routes | inc 12.212
*> 12.212.0.0/16 10.245.195.115 87 0 131470 ?

 

R1#show ip bgp neighbors 10.240.192.121 received-routes | inc 12.212
*> 12.212.0.0/16 10.240.192.121 91 0 136571 136571 136571 ?

 

The customer requested to see the IP Nat translations, as per checking we are unable to see any translated IP from the LAN prefix but we are able to see other LAN segments from same AS being translated.

 

What I can see on the Config is that it is overloaded to the Loopback 0 but i am not sure how come other segments are being translated yet the received routes is not translated.

 

I just want to have some clarification how it works.

 

!

interface Loopback0
ip address 192.168.19.9 255.255.255.255

!

ip nat inside source list 110 interface Loopback0 overload

!

interface GigabitEthernet0/1
description LAN: iBGP
ip nat inside

!

route-map FP-193 permit 10
match ip address 100

!
access-list 100 permit ip 49.256.26.0 0.0.0.15 any (Facing FW)

!

BGP

redistribute eigrp 99 route-map FP-193

0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎09-13-2019 12:36 AM

Hello,

 

looking at the partial configuration you have posted, what are you matching in your NAT statement ?

 

ip nat inside source list 110 interface Loopback0 overload
!
route-map FP-193 permit 10
match ip address 100
!
access-list 100 permit ip 49.256.26.0 0.0.0.15 any (Facing FW)

 

Right now you are not matching anything. If the network in access list 100 is what you need to translate, use either:

 

ip nat inside source list 100 interface Loopback0 overload

 

or

 

ip nat inside source route-map FP-193 interface Loopback0 overload

 

0 Helpful

leroyMe
Level 1
Level 1

‎09-13-2019 03:08 AM

Hello,

I have an ACL for ip nat inside source list 110 interface Loopback0 overload

access-list 110 remark ** LAN PREFIX **
access-list 110 permit ip 12.212.0.0 0.0.255.255 any
0 Helpful

Georg Pauwen
VIP
VIP

‎09-13-2019 04:40 AM

Hello,

 

post the full running configuration of the router.

 

How is the firewall involved, does the firewall do any NAT translation as well ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card