NAT issue on BGP configured router

ismayilov.vakar
Level 1

Hi everyone. I have my own public IPs and ASN, and with the BGP configuration everything is OK. I can go to the internet with my own IP. But when I want to NAT my internal subnet to my public IP and go to the internet, or do static NAT, it is not working. I want to configure NAT on the BGP router.

Configuration:

interface Loopback0
ip address 10.10.10.10 255.255.255.0

interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!

interface GigabitEthernet0/0.999
description to XDMX
encapsulation dot1Q 999
ip address 32.20.193.206 255.255.255.252
!
interface GigabitEthernet0/0.555
encapsulation dot1Q 555
ip address 5.222.222.1 255.255.252.0
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.333
description LAN
encapsulation dot1Q 333
ip address 192.168.22.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
router bgp 12345
bgp log-neighbor-changes
network 5.222.222.1 mask 255.255.252.0
redistribute connected
redistribute static
neighbor 32.20.193.205 remote-as 78945
neighbor 32.20.193.205 version 4
neighbor 32.20.193.205 prefix-list 1 out
!
ip nat pool TEST 5.222.222.1 5.222.222.1 netmask 255.255.252.0
ip nat inside source static tcp 192.168.22.2 80 interface GigabitEthernet0/0.555 80
ip nat inside source list 100 pool TEST overload
ip nat inside source static tcp 192.168.22.2 53 5.222.222.1 53 extendable
ip nat inside source static udp 192.168.22.2 5.222.222.1 53 extendable
ip route 5.222.222.1 255.255.255.255 Null0

!
!
ip prefix-list 1 seq 5 permit 5.222.222.1/22 le 24
ip prefix-list 1 seq 10 permit 0.0.0.0/0
access-list 100 permit ip 192.168.22.0 0.0.0.255 any

5 Replies

Hello,

Is this the full configuration? It seems to me that you are missing a default route. Try and add:

ip route 0.0.0.0 0.0.0.0 5.222.222.2

Hello

I assume then you have two ISP circuits (BGP and internet). If so, then

@Georg Pauwen applying a default route could impede BGP connectivity.

What it looks like you need to do is maybe apply some PBR on the non-BGP traffic so it can be NATted as you requested. As for your NAT config, this looks okay apart from the null route pointing to your internet interface address, which I suggest you remove.

So if you do have dual links, then you need to decide what traffic needs to traverse the BGP link and what needs to go via the internet link; then some PBR and, if applicable, possibly a preferred default route can be introduced.


Kind Regards
Paul

Deepak Kumar
VIP Alumni

Hi,

I want to know whether you are learning a default route from your ISPs. I am not sure; if not, then you have to add a default route toward the ISP gateway.

You have two ISPs, so you have to apply NAT with a route map or the same as PBR.

Regards,
Deepak Kumar,

Giuseppe Larosa
Hall of Fame

Hello Ismayilov,

In order for NAT to occur, traffic has to go from an internal interface with ip nat inside configured to an external interface with ip nat outside configured.

In your case you have configured ip nat outside on the DMZ interface. You should configure ip nat outside on the interface to the eBGP neighbor, that is, you need the following:

int GigabitEthernet0/0.999
 ip nat outside

This way NAT should work.

I also think that the command should be removed from the other interface, as it looks to be a DMZ interface.

 

Hope to help

Giuseppe
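
The condition described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tool: it parses the interface and BGP lines of an IOS configuration and reports every interface that faces a BGP neighbor but lacks ip nat outside. The function names are hypothetical, the sample is constructed from the configuration posted in the question, and it assumes each neighbor sits on a directly connected subnet.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.999
 ip address 32.20.193.206 255.255.255.252
!
interface GigabitEthernet0/0.555
 ip address 5.222.222.1 255.255.252.0
 ip nat outside
!
interface GigabitEthernet0/0.333
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
router bgp 12345
 neighbor 32.20.193.205 remote-as 78945
"""

def parse_interfaces(config):
    """Return {interface: {"net": IPv4Network or None, "nat": "inside"/"outside"/None}}."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), {"net": None, "nat": None})
        elif line == "!" or line.startswith("router "):
            current = None  # left interface sub-mode
        elif current is not None:
            if m := re.match(r"ip address (\S+) (\S+)$", line):
                current["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            elif m := re.match(r"ip nat (inside|outside)$", line):
                current["nat"] = m.group(1)
    return interfaces

def neighbors_missing_nat_outside(config):
    """List (neighbor, interface) pairs where the neighbor-facing interface lacks 'ip nat outside'."""
    interfaces = parse_interfaces(config)
    findings = []
    for addr in re.findall(r"^\s*neighbor (\S+) remote-as \d+", config, re.M):
        ip = ipaddress.ip_address(addr)
        for name, info in interfaces.items():
            if info["net"] and ip in info["net"] and info["nat"] != "outside":
                findings.append((addr, name))
    return findings

if __name__ == "__main__":
    print(neighbors_missing_nat_outside(SAMPLE_CONFIG))
```

The parser does not depend on indentation, so it also accepts a configuration pasted flush-left as in the question.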

 

cmoses01
Level 1

Can you show logs from the router when you try to access the internet from a local computer, so that we can see what NAT and routing are doing?
