Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
4
Replies

MPLS VPN Internet Access NAT

pablitomassa82
Level 1
Level 1

‎10-07-2015 11:03 AM - edited ‎03-05-2019 02:29 AM

Hi,

i'd like to enable internet access to a customers of a MPLS VPN. I'd like to know if the IP address of the link between CE (Customer) and PE (Service Provider) must be public or private. Many example use private address, but i don't know if it's true in the real word. Should i use public ip with NAT on CE?

Thanks a lot

Labels:
0 Helpful
4 Replies 4

Nagendra Kumar Nainar
Cisco Employee
Cisco Employee

‎10-07-2015 01:16 PM

Hi,

It is not mandatory to have public IP between PE-CE for internet traffic. What is the address range (for user/LAN) in customer site. Is it public or private?.

 

If public, you dont need NAT. If privtae, you may need NAT. 

0 Helpful

pablitomassa82
Level 1
Level 1
In response to Nagendra Kumar Nainar

‎10-07-2015 03:13 PM

In the Attachment the topology. I'd like use private IP on LAN and i also wanto to provide internet access to ther user. So User/LAN use private address, and i want to nat them when they connect to the Internet.

Is correct this configuration?

CE:

fa0/0 (user-facing interface)

ip address 10.0.2.2 255.255.255.0

no shut

fa0/1 (PE-facing interface)

ip addres 88.88.88.88 255.255.255.0

no shut

ip nat source static 10.0.2.1 88.88.88.88      (10.0.2.1 one user)

ip 0.0.0.0 0.0.0.0 88.88.88.89    

 

PE:

fa0/0 (ce-facing interface)

ip address 88.88.88.89 255.255.255.0

ip vrf forwarding GREEN

 

ip vrf GREEN 0.0.0.0 0.0.0.0 GW-1 global

ip route 88.88.88.88 255.255.255.0 fa0/0

router ospf 1

redistribute static

 

i had omitted some config

Thanks a lot

Paolo

Preview file
167 KB
0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to pablitomassa82

‎10-07-2015 08:28 PM

Hello,

the only reason I can come up with to use public address is resolving the host name of the router when using traceroute or something similar. Otherwise, it is not necessary.

Based on your topology, using the subnet mask of 24 for you public IP is not correct.

As for Nat, some commands are missing. IP Nat inside and outside. And also it works when only one user is behind the router (only Nat works for 10.0.2.1)

I hope it helps

0 Helpful

pablitomassa82
Level 1
Level 1
In response to Masoud Pourshabanian

‎10-07-2015 11:01 PM

Hi, i used the /24 in the public address only for example without care about wasting of IP address :)

to complete the NAT i used:

CE fa0/0 ip nat inside

CE fa0/1 ip nat outside

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card