05-16-2020 03:28 PM - edited 05-17-2020 11:42 AM
EDIT: I was using IOSvL2 on CML2 and NAT does not work so I just changed it to IOSv and it worked right away.
Hello folks,
I have set up a simple topology in CML2 lab with 3 nodes.
inside--->FW---static route--->RTR1---BGP--->RTR2
The inside uses the FW as default GW, then firewall has static route to RTR1 edge router, then edge router RTR2 is the ISP that gives us a default route.
So all the routing works, but I'm having an issue with NAT on the edge router RTR1. I want all traffic that comes in with source address of firewall outside interface to be NAT'd to overload NAT to outside interface of Edge RTR1.
So ASA firewall outside interface ip is 172.28.28.100, I put a NAT statement on the ASA firewall:
ASA# nat (inside,outside) dynamic interface
So anything that leaves the firewall, will automatically get NAT'd to outside interface of FW and I have verified this part works by checking pcaps and seeing that it does indeed NAT all the traffic to firewall outside interface when coming from the inside and going to RTR1.
Next up,
I put the following configs in for RTR1 NAT
RTR1#
access-list 100 permit ip 172.28.28.100
ip nat inside source list 100 interface g0/1 overload
g0/0 is inside interface that goes to firewall (ip nat inside)
g0/1 is outside interface that goes to RTR2 (ip nat outside)
I do "sho ip nat trans" and I see nothing. The traffic never gets NAT'd.. I don't know what else to do..
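When the translation table stays empty, the configuration pieces a PAT rule depends on are worth ruling out before suspecting the platform. The following Python check is an added example, not part of the original posts: it audits a running-config for the inside/outside interface roles and the ACL that the overload rule references. The sample config is constructed, and the complete ACL line in it (`host ... any`) is an assumed form.

```python
import re

# Constructed sample running-config for RTR1. Interface roles follow the thread;
# the complete ACL line ("host ... any") is an assumed form, not the poster's.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
ip nat inside source list 100 interface GigabitEthernet0/1 overload
access-list 100 permit ip host 172.28.28.100 any
"""

def audit_pat(config):
    """Return findings that would keep an interface-overload NAT rule from matching."""
    findings = []
    roles = {}       # interface name -> "inside" or "outside"
    current = None   # interface block currently being read
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None   # left the interface block
        m = re.match(r" ip nat (inside|outside)\s*$", line)
        if m and current:
            roles[current] = m.group(1)
    if "inside" not in roles.values():
        findings.append("no interface marked 'ip nat inside'")
    rules = re.findall(
        r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M)
    if not rules:
        findings.append("no 'ip nat inside source list ... overload' rule")
    for acl, intf in rules:
        if roles.get(intf) != "outside":
            findings.append(f"{intf} is not marked 'ip nat outside'")
        if not re.search(rf"^access-list {re.escape(acl)} permit ", config, re.M):
            findings.append(f"access-list {acl} has no permit entry")
    return findings

if __name__ == "__main__":
    print(audit_pat(SAMPLE_CONFIG) or "PAT prerequisites present")
```

An empty result means the configuration side is consistent, which points the investigation at the platform or image instead.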
05-17-2020 11:17 AM
Hello,
just for clarification:
--> ASA firewall outside interface ip is 172.28.28.100
interface GigabitEthernet0/0
description to FW and RTR2 --> what do you mean by that description ?
no switchport
ip nat inside
ip address 172.28.28.128 255.255.255.0
negotiation auto
neighbor 172.28.28.129 description RTR2 --> why do you use the same subnet on RTR2 ? What is the peer IP address on R2 ?
neighbor 172.28.28.129 soft-reconfiguration inbound
05-17-2020 11:39 AM
I just mean they are on the same network. I got it working. The problem was with the IOSvL2. I ripped that out and just used IOSv and it worked. There must be a bug or something with that IOSvL2 image.
Thanks for your help
05-17-2020 11:40 AM
Got it working. Thanks for pointing that out about which image I was using. I ripped out IOSvL2 and put in IOSv instead and it worked instantly. Thanks for your help.
05-17-2020 02:56 PM
Hello
glad to hear it's now working after changing the vm