11-13-2023 07:37 PM
Dear Expert,
I have created LAB in eve ng and the same design is attached herewith.
I have done all configuration with using MPLS WAN solution on design.
Private NW is done successfully and now I want to allow all DC Servers, HQ Users and Branch users to access the INTERNET without using routing, because the Private NW can not be advertised on the INTERNET WORLD, so NATTING is the option that remains. And here is my query: how should I allow all users to access the INTERNET using NATTING as the solution?
Could you please view design and suggest me accordingly.
HQ Users LAN range is 10.22.2.0/24, 10.22.4.0/24 CAN ACCESS internet
DC Subnet range is 172.16.111.0/24, 172.16.112.0/24 CAN ACCESS internet
BR users range : 10.22.22.0/24, 10.22.23.0/24 CAN ACCESS internet
The prompt response would be highly appreciated.
Thanks a lot
Regards
Virendra P
11-14-2023 05:25 AM - last edited on 01-28-2024 11:50 PM by Translator
Dear MHM,
Add below route :
ip route 0.0.0.0 0.0.0.0 172.16.110.4
and when I removed Always, then all trace went missing, and when I added it again, now you can see the output here:
udp 102.1.1.1:49382 10.22.22.31:49382 200.1.1.1:33508 200.1.1.1:33508
udp 102.1.1.1:49383 10.22.22.31:49383 200.1.1.1:33509 200.1.1.1:33509
udp 102.1.1.1:49384 10.22.22.31:49384 200.1.1.1:33510 200.1.1.1:33510
udp 102.1.1.1:49385 10.22.22.31:49385 200.1.1.1:33511 200.1.1.1:33511
udp 102.1.1.1:49386 10.22.22.31:49386 200.1.1.1:33512 200.1.1.1:33512
udp 102.1.1.1:49387 10.22.22.31:49387 200.1.1.1:33513 200.1.1.1:33513
udp 102.1.1.1:49388 10.22.22.31:49388 200.1.1.1:33514 200.1.1.1:33514
udp 102.1.1.1:49389 10.22.22.31:49389 200.1.1.1:33515 200.1.1.1:33515
udp 102.1.1.1:49390 10.22.22.31:49390 200.1.1.1:33516 200.1.1.1:33516
udp 102.1.1.1:49391 10.22.22.31:49391 200.1.1.1:33517 200.1.1.1:33517
udp 102.1.1.1:49392 10.22.22.31:49392 200.1.1.1:33518 200.1.1.1:33518
udp 102.1.1.1:49393 10.22.22.31:49393 200.1.1.1:33519 200.1.1.1:33519
Pro Inside global Inside local Outside local Outside global
udp 102.1.1.1:49394 10.22.22.31:49394 200.1.1.1:33520 200.1.1.1:33520
udp 102.1.1.1:49395 10.22.22.31:49395 200.1.1.1:33521 200.1.1.1:33521
udp 102.1.1.1:49396 10.22.22.31:49396 200.1.1.1:33522 200.1.1.1:33522
udp 102.1.1.1:49397 10.22.22.31:49397 200.1.1.1:33523 200.1.1.1:33523
--- 102.1.1.1 10.22.22.31 --- ---
tcp 102.1.1.2:27680 10.22.22.32:27680 200.1.1.1:23 200.1.1.1:23
--- 102.1.1.2 10.22.22.32 --- ---
CUSINTRTR1#
Looks like something improved.
Now I have a query and you are my GURU (Tech teacher).
Why did we advertise ( default-information originate always )? And I need to understand why the default route is added towards the Layer 3 SW. Correct my understanding: TO MATCH UNKNOWN INTERNET PACKET BECAUSE THIS DEFAULT ROUTE IS ALWAYS USED IN BGP. AM I CORRECT? Why is UDP observed when I used telnet 23?
regards
Virendra P
11-14-2023 05:58 AM
11-14-2023 06:07 AM - last edited on 01-23-2024 05:56 AM by Translator
Dear MHM,
Thanks, and I have already done that on SW 22 and 23,
DCSW22#sh running-config | sec route
ip route 0.0.0.0 0.0.0.0 102.1.1.1
Why did we advertise ( default-information originate always )?
I need to understand why the default route is added towards the Layer 3 SW. Correct my understanding: TO MATCH UNKNOWN INTERNET PACKET BECAUSE THIS DEFAULT ROUTE IS ALWAYS USED IN BGP. AM I CORRECT? Why is UDP observed when I used telnet 23?
Please confirm my understanding; I need your guidance to enhance my skill.
I am really glad that the whole time you have been connected to me and helped me to fix all issues. I can inform the client about all this when I get an opportunity in my life.
regards
Virendra P
11-14-2023 06:14 AM - edited 11-14-2023 06:15 AM
Need to understand why default route is added towards Layer 3 SW, correct my understand TO MATCH UNKNOWN INTERNET PACKET BECAUSE THIS DEFAULT ROUTE IS ALWAYS USED IN BGP. AM I CORRECT ?
Correct, we advertise the default via OSPF to make BR use DC as the path for any public IP.
Note: did you run OSPF between SW22/23 and R15/R16? If yes, that is OK, but why does the default route not appear in R15/R16?
For the UDP appearing in NATing: not so sure what traffic this is.
11-14-2023 06:19 AM
Dear MHM,
I am happy now and thanks a ton. Once more, your support has really helped me a lot. My next goal is to do GRE tunnel, mGRE tunnel and DMVPN, IPSEC DMVPN.
Hoping this design will help me to achieve my task. I am really honoured to meet a Cisco TECH Expert.
regards
Virendra P
11-14-2023 06:23 AM
You are so welcome
have a nice day
MHM
11-14-2023 10:55 AM - last edited on 01-28-2024 11:50 PM by Translator
UDP is the packet of traceroute.
The port confused me.
But I checked it: traceroute UDP traffic.
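Added example (not part of any post in this thread): a small Python parser for the NAT translation table layout posted above, which labels a run of UDP entries as traceroute probes and the TCP/23 entry as telnet. The sample rows are a subset of the posted output; the function names and the 33434-33534 port range (the conventional UDP traceroute destination range) are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the NAT table rows posted earlier in the thread.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
udp 102.1.1.1:49382 10.22.22.31:49382 200.1.1.1:33508 200.1.1.1:33508
udp 102.1.1.1:49383 10.22.22.31:49383 200.1.1.1:33509 200.1.1.1:33509
udp 102.1.1.1:49384 10.22.22.31:49384 200.1.1.1:33510 200.1.1.1:33510
--- 102.1.1.1 10.22.22.31 --- ---
tcp 102.1.1.2:27680 10.22.22.32:27680 200.1.1.1:23 200.1.1.1:23
--- 102.1.1.2 10.22.22.32 --- ---
"""

# Assumption: conventional UDP traceroute destination ports (base port 33434).
TRACEROUTE_PORTS = range(33434, 33535)
ROW = re.compile(
    r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)$")

def parse(text):
    """Return per-flow entries; the header and static (---) rows are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            proto, _ig, _igp, il, _ilp, _ol, _olp, og, ogp = m.groups()
            flows.append({"proto": proto, "inside_local": il,
                          "dst": og, "dst_port": int(ogp)})
    return flows

def classify(flows):
    """Label each (inside_local, dst, proto) group by its destination ports."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["inside_local"], f["dst"], f["proto"])].append(f["dst_port"])
    labels = {}
    for key, ports in groups.items():
        ports.sort()
        stepping = len(ports) > 1 and all(
            b - a == 1 for a, b in zip(ports, ports[1:]))
        if (key[2] == "udp" and stepping
                and all(p in TRACEROUTE_PORTS for p in ports)):
            labels[key] = "traceroute-probes"  # one port per probe, +1 each
        elif key[2] == "tcp" and ports == [23]:
            labels[key] = "telnet"
        else:
            labels[key] = "other"
    return labels

if __name__ == "__main__":
    for key, label in classify(parse(SAMPLE)).items():
        print(key, "->", label)
```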
11-14-2023 08:15 PM
Dear MHM,
Thanks a lot for your clarification.
Now, I am going to do VPN topic with using same design. I am also doing preparation of CCIEV1.1 so i need your guidance.
Is it still worth to do CCIE EI ?
regards
Virendra P