Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
5
Helpful
7
Replies

Inernet Over MPLS

lakhwaraa
Level 1
Level 1

‎05-19-2022 06:29 AM

Need help

I have MPLS connection between my main office and branch. I can ping and access my branch from main office and vice versa but can not browse internet. My internet is shared from my main office.

Following is my configuration

 

Client side

1.
interface GigabitEthernet0 (This is my MPLS interface)
ip address 192.168.20.174 255.255.255.252
ip virtual-reassembly in
zone-member security vpn
duplex auto
speed auto

 

2. router bgp 64525  (BGP configuration as provided by MPLS Provider)
bgp log-neighbor-changes
network 172.20.48.0 mask 255.255.255.0
neighbor 192.168.20.173 remote-as 38264
!
ip forward-protocol nd
!

3. interface Vlan1 (Local Interface)
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 172.20.48.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
ip tcp adjust-mss 1452

 

 

ip access-list extended NAT
permit ip 172.20.48.0 0.0.0.255 any

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎05-19-2022 06:33 AM

You must check the show ip route, show ip bgp
the default route must know by your HQ.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎05-19-2022 06:36 AM

is this NAT configured on Remote Client side, we do not see NAT Outside, and NAT config here ( we only see ACL ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World
VIP
VIP
In response to balaji.bandi

‎05-19-2022 06:44 AM

You point is OK but he pass traffic to HQ via MPLS then HQ do NAT, 

the NAT must be in HQ to make it route back for Site. 
that what I know.

0 Helpful

lakhwaraa
Level 1
Level 1
In response to MHM Cisco World

‎05-19-2022 10:48 PM

Thanks for the reply

as i already told, my other sites works fine but not this site. (All sites have same configuration)

MPLS is connected to switch which is connected to Router

 

my HQ is

 

Giga Switch conf

1. interface Vlan250
ip address 192.168.10.2 255.255.255.252

 

2.interface Vlan1
ip address 10.30.1.249 255.255.255.0

 

2. 3. router bgp 85245
bgp log-neighbor-changes
network 0.0.0.0
network 10.30.1.0 mask 255.255.255.0 (This is my tunnel running EIGRP)
neighbor 192.168.30.1 remote-as 26438

 

4. interface GigabitEthernet1/0/23
description $ Mpls Interface $
switchport access vlan 250
switchport mode access
spanning-tree portfast edge

 

interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/5
description $ local lan interface $
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/6
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/7
description $ local lan interface $
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/8
description $ local lan interface $
spanning-tree portfast edge trunk
!
interface GigabitEthernet1/0/9
description $ local lan interface $
spanning-tree portfast edge trunk
!

 

Router

1. interface GigabitEthernet0/1
ip address 19.15.20.121 255.255.255.248 (Direct Internet)
ip mtu 1492
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

 

2. interface Vlan1 (Local Lan)
ip address 10.30.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in

 

3. ip nat inside source list mynat interface GigabitEthernet0/1 overload

 

4. ip nat outside source list NAT-OUT-IN pool POOL-OUT-IN

5. ip route 0.0.0.0 0.0.0.0 19.15.20.121

6. ip access-list extended mynat

permit ip 172.30.48.0 0.0 0.0.0.255 any

 

while on branch side

 

zone security inside
zone security outside
zone security vpn

 

1. interface FastEthernet8 (Internet connected)
ip address 192.168.18.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex auto
speed auto
!
2. interface GigabitEthernet0 (MPLS)
ip address 192.168.10.174 255.255.255.252
ip virtual-reassembly in
zone-member security vpn
duplex auto
speed auto
!
3. interface Vlan1 (Local Lan)
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 172.30.48.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
ip tcp adjust-mss 1452

 

4. router bgp 85245
bgp log-neighbor-changes
network 172.30.48.0 mask 255.255.255.0
neighbor 192.168.10.173 remote-as 26438
!

5. ip access-list extended NAT
permit ip 172.30.48.0 0.0.0.255 any
!

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to lakhwaraa

‎05-20-2022 02:12 AM 

as i already told, my other sites works fine but not this site. (All sites have same configuration)

if other branch  working, you just need to replicating same setup this this branch, you need to compare the config working vs notworking, and only required to change is p2p IP address branch VLAN IP address, have you done that (if not done that way you need to cross check the config).

 

Can you post one of the working branch config or compare ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lakhwaraa
Level 1
Level 1
In response to balaji.bandi

‎05-20-2022 04:34 AM

Yes 

this is my other branchf configuration and it works fine. 

interface FastEthernet8
ip address 192.168.18.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.10.234 255.255.255.252
zone-member security vpn
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 172.30.31.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
ip tcp adjust-mss 1445
!


!
router bgp 85245
bgp log-neighbor-changes
network 172.30.31.0 mask 255.255.255.0
neighbor 192.168.10.233 remote-as 26438
!
ip access-list extended NAT
permit ip 172.30.31.0 0.0.0.255 any
!

0 Helpful

MHM Cisco World
VIP
VIP
In response to lakhwaraa

‎05-20-2022 05:12 AM

Firend this site have two defualt route 

One direct through internet direct connect and other through mpls bgp,

Staitc router have AD lower than mpls bgp this make site send traffic to internet direct not to HQ.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card