07-18-2019 06:19 AM
I have knowledge of theory and facts in terms of networking, but not so much practical knowledge because nearly everything I do is new to me (due to lack of experience). We currently have an ISP managed router where our internet access and an MPLS network terminates. We're changing providers so I will need to configure a new router for internet access and a point to point. So this, in a sense, kind of sort of, opens the internal network (point to point) to the internet. What is the best practice for setting this up? Is it okay just to leave both like that or should I use VRFs ... one for the point to point ... one for the internet? Just wondering what experienced people are doing. Thanks.
07-18-2019 07:13 AM
Hello Brett,
You will need NAT on the internet-facing link, and you will use routing (with no NAT) on the MPLS link.
NAT = Network Address Translation
Using two different VRFs may be too much. In any case, you need NAT, as private IP addresses per RFC 1918 cannot be routed over the public Internet.
As a minimum, you will have a default static route pointing to the internet:
ip route 0.0.0.0 0.0.0.0 <ISP-next-hop-address>
!
int gi0/0/0
 ip address a.b.c.d 255.255.255.252
 ip nat outside
!
int gi0/0/1
 ip address 10.10.10.1 255.255.255.0
 desc Internal Link
 ip nat inside
!
int gi0/0/2
 desc MPLS link
 ip address 192.168.10.2 255.255.255.252
!
! example with static route for MPLS destinations
ip route 192.168.0.0 255.255.0.0 192.168.10.1
!
access-list 112 remark NAT extended ACL
access-list 112 deny ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 10.10.0.0 0.0.255.255 any
The deny statement ensures that traffic to destinations in the MPLS network will not be source NATted.
route-map NAT permit 10
 match address 112
 match interface gi0/0/0
!
ip nat inside source route-map NAT interface gi0/0/0 overload
Hope to help
Giuseppe
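An added example, not part of the original post: a small Python model of how ACL 112 (written with the `ip` protocol keyword that extended ACLs require) is evaluated with wildcard masks and first-match order, to check before deployment which flows get source NAT. It models only the ACL match, not the route-map's `match interface` clause; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACL 112 from the answer above, with the "ip" protocol keyword.
ACL_112 = """\
access-list 112 remark NAT extended ACL
access-list 112 deny ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 10.10.0.0 0.0.255.255 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume one address spec ('any', 'host A' or 'A wildcard') -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        # Keep only "permit ip" / "deny ip" entries; remarks and blanks are skipped.
        if len(tokens) < 5 or tokens[2] not in ("permit", "deny") or tokens[3] != "ip":
            continue
        rest = tokens[4:]
        entries.append((tokens[2], take_spec(rest), take_spec(rest)))
    return entries

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit 1 = "don't care"
    return (to_int(addr) & care) == (base & care)

def nat_decision(src, dst, entries):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src_spec, dst_spec in entries:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return "translate" if action == "permit" else "no-nat"
    return "no-nat"

if __name__ == "__main__":
    # Constructed sample flows: MPLS-bound, internet-bound, source outside 10.10.0.0/16.
    flows = [("10.10.10.5", "192.168.20.7"), ("10.10.10.5", "8.8.8.8"), ("10.20.1.1", "8.8.8.8")]
    for src, dst in flows:
        print(f"{src} -> {dst}: {nat_decision(src, dst, parse_acl(ACL_112))}")
```

The third flow shows the implicit deny: an inside source outside 10.10.0.0/16 is not translated, so any subnet added later must also be added to the ACL.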
07-18-2019 07:57 AM