Failed NAT - The connection between two data centers

LincolnR · ‎07-31-2020

Hi guys.

In the topology within EVE, in the CE I configured NAT for thenetworks 172.21.1.0, 172.22.1.0, 172.23.1.0 . But with NAT or without NAT the server on the network 172.21.1.0 still ping the loopback on the PE. What did I do wrong to it yet ping?

I need help so that the networks above can ping the network on the router to the east.

This topology I try to reproduce the real scenario that happens in the Data Center. I will still add an ASA firewall.

Does "Real World" use NAT to translate corporate networks?

*******************************

*************CE***************

interface Loopback17
ip address 17.17.17.17 255.255.255.255
!
interface FastEthernet0/0
ip address 10.22.212.1 255.255.255.0
ip nat inside
duplex full
!
interface FastEthernet1/0
description To_Gi0/0_R1
ip address 100.126.198.237 255.255.255.252
ip nat outside
duplex full
!
router ospf 100
router-id 17.17.17.17
redistribute static subnets
network 10.22.212.0 0.0.0.255 area 100
network 100.126.198.0 0.0.0.255 area 100
network 172.21.1.0 0.0.0.255 area 0
neighbor 100.126.198.238
!
ip nat inside source list 10 interface FastEthernet1/0 overload
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 172.21.1.0 255.255.255.0 10.22.212.2
!
access-list 10 permit 172.21.1.0 0.0.0.255
access-list 20 permit 10.22.212.0 0.0.0.255

*******************************

*************PE***************

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback102
ip address 100.110.102.1 255.255.255.0
!
interface Loopback10001
description Router-id OSPF100
ip address 10.10.10.101 255.255.255.255
!
interface FastEthernet0/0
description F0/1_R2
ip address 192.168.12.1 255.255.255.0
ip ospf 1 area 0
duplex full
!
interface FastEthernet1/0
description F0/0_R3
ip address 192.168.13.1 255.255.255.0
ip ospf 1 area 0
duplex full
!
interface FastEthernet2/0
description MPLS OI_R17
ip address 100.126.198.238 255.255.255.252
duplex full
!
interface FastEthernet3/0
no ip address
shutdown
duplex full
!
router ospf 1
!
router ospf 100
router-id 10.10.10.101
network 100.110.102.0 0.0.0.255 area 100
network 100.126.198.0 0.0.0.255 area 100
neighbor 100.126.198.237
!
router bgp 500
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 500
neighbor 192.168.13.3 remote-as 500
maximum-paths ibgp 2

**********************************

R1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 192.168.12.2, 01:01:59
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [200/0] via 192.168.13.3, 01:02:07
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [200/0] via 192.168.13.3, 01:01:13
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [200/0] via 192.168.13.3, 01:01:13
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [200/0] via 192.168.13.3, 01:01:13
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.101/32 is directly connected, Loopback10001
O 10.22.212.0/24 [110/2] via 100.126.198.237, 01:02:25, FastEthernet2/0
100.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
B 100.1.1.4/32 [200/0] via 192.168.13.3, 01:01:13
C 100.110.102.0/24 is directly connected, Loopback102
L 100.110.102.1/32 is directly connected, Loopback102
C 100.126.198.236/30 is directly connected, FastEthernet2/0
L 100.126.198.238/32 is directly connected, FastEthernet2/0
172.21.0.0/24 is subnetted, 1 subnets
O E2 172.21.1.0 [110/20] via 100.126.198.237, 01:02:25, FastEthernet2/0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, FastEthernet0/0
L 192.168.12.1/32 is directly connected, FastEthernet0/0
192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.13.0/24 is directly connected, FastEthernet1/0
L 192.168.13.1/32 is directly connected, FastEthernet1/0
O 192.168.23.0/24 [110/2] via 192.168.13.3, 01:02:27, FastEthernet1/0
[110/2] via 192.168.12.2, 01:02:13, FastEthernet0/0

Giuseppe Larosa · ‎08-01-2020

Hello @LincolnR ,

the original customer prefix is learned on PE router R1 as an external OSPF route

>> O E2 172.21.1.0 [110/20] via 100.126.198.237, 01:02:25, FastEthernet2/0

This is the result of the

redistribute static subnets

in the OSPF process of the CE router.

Then the PE router converts the prefix in a VPNv4 prefix and make it available to other PE nodes.

This is why wiithout NAT the ping works.

>> Does "Real World" use NAT to translate corporate networks?

NAT is used only when really necessary that is in two cases:

a) for internet access when using private RFC 1918 addresses not routable in the public internet

b) within an enterprise internetwork only if there is address overlapping with another site

Hope to help

Giuseppe

LincolnR · ‎08-02-2020

Giuseppe.

Can you help me simulate the NAT the networks 172.2x.1.0 that are on DC A so that the packet arrives on network 100.1.1.4 on DC B?