NAT issue on BGP-configured router

Hi everyone. I have my own public IPs and ASN, and the BGP configuration is all OK. I can go to the internet with my own IP. But when I want to NAT my internal subnet to my public IP and go to the internet, or do static NAT, it is not working. I want to configure NAT on the BGP router.



interface Loopback0
ip address

interface GigabitEthernet0/0
no ip address
duplex auto
speed auto

interface GigabitEthernet0/0.999
description to XDMX
encapsulation dot1Q 999
ip address
interface GigabitEthernet0/0.555
encapsulation dot1Q 555
ip address
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
interface GigabitEthernet0/0.333
description LAN
encapsulation dot1Q 333
ip address
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
router bgp 12345
bgp log-neighbor-changes
network mask
redistribute connected
redistribute static
neighbor remote-as 78945
neighbor version 4
neighbor prefix-list 1 out
ip nat pool TEST netmask
ip nat inside source static tcp 80 interface GigabitEthernet0/0.555 80
ip nat inside source list 100 pool TEST overload
ip nat inside source static tcp 53 53 extendable
ip nat inside source static udp 53 extendable
ip route Null0

ip prefix-list 1 seq 5 permit le 24
ip prefix-list 1 seq 10 permit
access-list 100 permit ip any

Georg Pauwen
VIP Expert



Is this the full configuration? It seems to me that you are missing a default route. Try adding:


ip route

paul driver
VIP Mentor


I assume then you have two ISP circuits (BGP and internet). If so, then

@Georg Pauwen applying a default route could impede BGP connectivity.


What it looks like you need to do is maybe apply some PBR on the non-BGP traffic so it can be NATted as you requested. As for your NAT config, this looks okay apart from the null route pointing to your internet interface address, which I suggest you remove.

So if you do have dual links, then you need to decide what traffic you need to traverse the BGP link and what needs to go via the internet link; then some PBR and, if applicable, possibly a preferred default route can be introduced.


Kind regards

Deepak Kumar
VIP Advocate


I want to know whether you are learning a default route from your ISPs. I am not sure; if not, then you have to add a default route toward the ISP gateway.


You have two ISPs, so you have to apply NAT with a route map, or the same as PBR.

Giuseppe Larosa
Hall of Fame Master

Hello Ismayilov,

In order for NAT to occur, traffic has to go from an internal interface with ip nat inside configured to an external interface with ip nat outside configured.

In your case you have configured ip nat outside on the DMZ interface. You should configure ip nat outside on the interface to the eBGP neighbor, that is, you need the following:


int GigabitEthernet0/0.999
 ip nat outside


This way NAT should work


I also think that the command should be removed from the other interface, as it looks to be a DMZ interface.


Hope to help
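
The check described in the reply above, as an added example that is not from any poster in this thread: a small Python audit that compares each interface's NAT role with the subnet its eBGP neighbor sits on. The sample config and all of its addresses are constructed (documentation and private ranges), since the posted config has its addresses removed; the second finding is only a prompt for review, because an outside interface toward a non-BGP uplink is legitimate.

```python
import ipaddress
import re

# Constructed sample mirroring the thread's layout; every address below is
# invented for this example (documentation/private ranges).
SAMPLE = """\
interface GigabitEthernet0/0.999
 ip address 192.0.2.2 255.255.255.252
interface GigabitEthernet0/0.555
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0.333
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
router bgp 12345
 neighbor 192.0.2.1 remote-as 78945
"""

def parse_interfaces(cfg):
    """Return {name: {"net": IPv4Interface|None, "nat": "inside"|"outside"|None}}."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif not line.startswith(" "):
            cur = None  # any unindented line ends interface sub-mode
        elif cur is not None:
            m = re.match(r"\s+ip address (\S+) (\S+)$", line)
            if m:
                cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            m = re.match(r"\s+ip nat (inside|outside)$", line)
            if m:
                cur["nat"] = m[1]
    return ifaces

def audit(cfg):
    """Compare NAT roles with the interfaces that actually face BGP neighbors."""
    ifaces = parse_interfaces(cfg)
    peers = [ipaddress.ip_address(p) for p in
             re.findall(r"^\s*neighbor (\d+\.\d+\.\d+\.\d+) remote-as", cfg, re.M)]
    findings = []
    for name, i in ifaces.items():
        faces_peer = i["net"] is not None and any(p in i["net"].network for p in peers)
        if faces_peer and i["nat"] != "outside":
            findings.append((name, "faces BGP peer but lacks 'ip nat outside'"))
        elif i["nat"] == "outside" and not faces_peer:
            findings.append((name, "'ip nat outside' but no BGP peer on this subnet"))
    return findings
```

Run `audit()` on the text of `show running-config`; an empty list means every interface that faces a BGP neighbor is marked outside and no other interface is.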




Can you show logs from the router when you try to access the internet from a local computer so that we can see what NAT and routing is doing?