04-09-2019 11:55 PM
Hi everyone. I have my own public IPs and ASN, and the BGP configuration is fine: I can reach the internet with my own IP. But when I try to NAT my internal subnet to my public IP to reach the internet, or to do static NAT, it does not work. I want to configure NAT on the BGP router.
Configuration:
interface Loopback0
ip address 10.10.10.10 255.255.255.0
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.999
description to XDMX
encapsulation dot1Q 999
ip address 32.20.193.206 255.255.255.252
!
interface GigabitEthernet0/0.555
encapsulation dot1Q 555
ip address 5.222.222.1 255.255.252.0
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.333
description LAN
encapsulation dot1Q 333
ip address 192.168.22.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
router bgp 12345
bgp log-neighbor-changes
network 5.222.222.1 mask 255.255.252.0
redistribute connected
redistribute static
neighbor 32.20.193.205 remote-as 78945
neighbor 32.20.193.205 version 4
neighbor 32.20.193.205 prefix-list 1 out
!
ip nat pool TEST 5.222.222.1 5.222.222.1 netmask 255.255.252.0
ip nat inside source static tcp 192.168.22.2 80 interface GigabitEthernet0/0.555 80
ip nat inside source list 100 pool TEST overload
ip nat inside source static tcp 192.168.22.2 53 5.222.222.1 53 extendable
ip nat inside source static udp 192.168.22.2 5.222.222.1 53 extendable
ip route 5.222.222.1 255.255.255.255 Null0
!
!
ip prefix-list 1 seq 5 permit 5.222.222.1/22 le 24
ip prefix-list 1 seq 10 permit 0.0.0.0/0
access-list 100 permit ip 192.168.22.0 0.0.0.255 any
04-10-2019 12:31 AM
Hello,
Is this the full configuration? It seems to me that you are missing a default route. Try adding:
ip route 0.0.0.0 0.0.0.0 5.222.222.2
04-10-2019 02:13 AM - edited 04-10-2019 03:22 AM
Hello
I assume then you have two ISP circuits (BGP and internet). If so, then
@Georg Pauwen applying a default route could impede BGP connectivity.
It looks like what you need to do is maybe apply some PBR on the non-BGP traffic so it can be NATted as you requested. As for your NAT config, this looks okay apart from the null route pointing to your internet interface address, which I suggest you remove.
So if you do have dual links, then you need to decide what traffic needs to traverse the BGP link and what needs to go via the internet link; then some PBR and, if applicable, possibly a preferred default route can be introduced.
04-10-2019 03:06 AM
Hi,
I want to know: are you learning a default route from your ISPs? I am not sure; if not, then you have to add a default route toward the ISP gateway.
You have two ISPs, so you have to apply NAT with a route map, or the same with PBR.
04-10-2019 04:16 AM
Hello Ismayilov,
In order for NAT to occur, traffic has to go from an internal interface with ip nat inside configured to an external interface with ip nat outside configured.
In your case you have configured ip nat outside on the DMZ interface; you should configure ip nat outside on the interface to the eBGP neighbor, that is, you need the following:
int GigabitEthernet0/0.999
ip nat outside
This way NAT should work.
I also think that the command should be removed from the other interface, as it looks to be a DMZ interface.
Hope to help
Giuseppe
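The inside/outside check described in the reply above, as an added example that is not part of the original thread: a small Python audit that parses an IOS-style configuration and reports where "ip nat outside" sits relative to the eBGP neighbor. The function names are hypothetical, the sample is a constructed excerpt of the posted configuration, and the second finding assumes, as that reply does, that egress is only via the BGP-facing interface.

```python
import ipaddress
import re
# Constructed sample, trimmed from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.999
 ip address 32.20.193.206 255.255.255.252
!
interface GigabitEthernet0/0.555
 ip address 5.222.222.1 255.255.252.0
 ip nat outside
!
interface GigabitEthernet0/0.333
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
router bgp 12345
 neighbor 32.20.193.205 remote-as 78945
"""

def parse_interfaces(config):
    # Map interface name -> {"net": IPv4Interface or None, "nat": role or None}.
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            current = interfaces.setdefault(name, {"net": None, "nat": None})
        elif line == "!" or line.startswith("router "):
            current = None  # left the interface section
        elif current is not None:
            addr = re.fullmatch(r"ip address (\S+) (\S+)", line)
            nat = re.fullmatch(r"ip nat (inside|outside)", line)
            if addr:
                current["net"] = ipaddress.ip_interface("/".join(addr.groups()))
            if nat:
                current["nat"] = nat.group(1)
    return interfaces

def audit_nat(config):
    # Assumption: the only path to the internet is via the eBGP neighbor(s).
    neighbors = [ipaddress.ip_address(a) for a in
                 re.findall(r"^\s*neighbor (\S+) remote-as \d+", config, re.M)]
    findings = []
    for name, info in parse_interfaces(config).items():
        net = info["net"]
        faces_bgp = net is not None and any(n in net.network for n in neighbors)
        if faces_bgp and info["nat"] != "outside":
            findings.append(f"{name}: faces eBGP neighbor but lacks 'ip nat outside'")
        elif not faces_bgp and info["nat"] == "outside":
            findings.append(f"{name}: 'ip nat outside' on an interface with no BGP neighbor")
    return findings
```

Calling audit_nat(SAMPLE_CONFIG) returns one finding for GigabitEthernet0/0.999 and one for GigabitEthernet0/0.555; the list is empty once "ip nat outside" is moved to the .999 subinterface.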
04-10-2019 07:08 AM - edited 04-10-2019 07:09 AM
Can you show logs from the router when you try to access the internet from a local computer so that we can see what NAT and routing is doing?