Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4639
Views
5
Helpful
18
Replies

nat overload on interface of Router

Amafsha1
Level 2
Level 2

‎05-16-2020 03:28 PM - edited ‎05-17-2020 11:42 AM

EDIT:  I was using IOSvL2 on CML2 and NAT does not work so I just changed it to IOSv and it worked right away.  

 

 

 

 

Hello folks,

 

I have setup a simple topology in CML2 lab with 3 nodes.

 

inside--->FW---static route--->RTR1---BGP--->RTR2

 

The inside uses the FW as default GW, then firewall has static route to RTR1 edge router, then edge router RTR2 is the ISP that gives us a default route.

 

So all the routing works, but I'm having an issue with NAT on the edge router RTR1. I want all traffic that comes in with source address of firewall outside interface to be NAT'd to overload NAT to outside interface of Edge RTR1.

 

So ASA firewall outside interface ip is 172.28.28.100, I put a NAT statement on the ASA firewall:

ASA# nat (inside,outside) dynamic interface

So anything that that leaves the firewall, will automatically get NAT'd to outside interface of FW and I have verified this part works by checking pcaps and seeing that it does indeed NAT all the traffic to firewall outside interface when coming from the inside and going to RTR1

 

Next up,

 

I put the following configs in for RTR1 NAT

 

RTR1#

access-list 100 permit ip 172.28.28.100 

ip nat inside source list 100 interface g0/1 overload

 

 

g0/0 is inside interface to goes to firewall (ip nat inside)

g0/1 is outside interface that goes to RTR2 (ip nat outside)

 

I do "sho ip nat trans" and I see nothing.  The traffic never gets NAT'd..  I don't know what else to do..

Labels:
0 Helpful
18 Replies 18

Georg Pauwen
VIP
VIP
In response to Amafsha1

‎05-17-2020 11:17 AM

Hello,

 

just for clarification:

 

--> ASA firewall outside interface ip is 172.28.28.100

 

interface GigabitEthernet0/0
description to FW and RTR2 --> what do you mean by that description ?
no switchport
ip nat inside
ip address 172.28.28.128 255.255.255.0
negotiation auto

 

neighbor 172.28.28.129 description RTR2 --> why do you use the same subnet on RTR2 ? What is the peer IP address on R2 ?
neighbor 172.28.28.129 soft-reconfiguration inbound

0 Helpful

Amafsha1
Level 2
Level 2
In response to Georg Pauwen

‎05-17-2020 11:39 AM

I just mean they are on the same network.  I got it working.  the problem was with the IOSvl2 .  I ripped that out and just used IOSv and it worked.  THere must be a bug or something that that IOSlv2 image..

 

Thanks for your help

0 Helpful

Amafsha1
Level 2
Level 2
In response to paul driver

‎05-17-2020 11:40 AM

got it working.  Thanks for pointing that out about which image I was using.  I ripped out IOSvl2 and put in IOSv instead and it worked instantly.  Thanks for your help

0 Helpful

paul driver
VIP
VIP
In response to Amafsha1

‎05-17-2020 02:56 PM

Hello

glad to hear it's now working after changing the vm 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card