
OSPF + NAT for different channels

Tim Geraskin
Level 1

Greetings! There are 3 routers, with 2 servers behind each one of them for information exchange, i.e. server A1 exchanges with server A2, server B1 with B2 and C1 with C2 (see picture below). I can configure only the Cisco router and servers A1 and B1. In my network, gray addresses 192.168.1.0/24 are used: servers with addresses 1 and 2, router with 100. To establish communication with external servers, static NAT is used.
If channel 10.4.0.0/24 does not work, servers A1 and A2 cannot establish a connection. A similar situation occurs for servers B1 and B2 if channel 10.4.1.0/24 fails. The idea is to activate the OSPF protocol so that if any of the channels fails, communication with the servers will be resumed on an alternate path.
However, I've never seen a similar situation where one of the routers uses NAT for different channels (as in my case). If the channel 10.4.0.0/24 fails, the router knows how to get to the network 172.21.1.0/24, but NAT translates address 10.4.0.3 to the Fa0/0 interface, which is in the down state, so the packets are dropped. How can I save the translation and use OSPF in this case?

Thanks in advance!

Cisco#sh run
!
interface FastEthernet0/0
ip address 10.4.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf hello-interval 4
ip ospf retransmit-interval 2
ip ospf mtu-ignore
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.4.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf hello-interval 4
ip ospf retransmit-interval 2
ip ospf mtu-ignore
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
network 10.4.0.2 0.0.0.255 area 0
network 10.4.1.2 0.0.0.255 area 0
!
ip nat inside source static 192.168.1.1 10.4.0.5
ip nat inside source static 192.168.1.2 10.4.1.5
!
end

Cisco#sh ip route

Gateway of last resort is not set

172.21.0.0/24 is subnetted, 2 subnets
O 172.21.1.0 [110/11] via 10.4.0.1, FastEthernet0/0
O 172.21.2.0 [110/11] via 10.4.1.1, FastEthernet0/1
10.0.0.0/24 is subnetted, 3 subnets
O 10.4.2.0 [110/11] via 10.4.0.1, FastEthernet0/0
C 10.4.0.0 is directly connected, FastEthernet0/0
C 10.4.1.0 is directly connected, FastEthernet0/0
Cisco#

[Attached image: OSPF-NAT.png]

Accepted Solutions

a.alekseev
Level 7
ip route 10.4.0.0 255.255.254.0 null0 tag 999
!
route-map static2ospf
  match tag 999
!
router ospf 1
  redistribute static subnets route-map static2ospf


4 Replies

Seb Rupik
VIP Alumni

Hi there,

Why don't you create a Loopback interface on each router and configure that as the sole NAT Outside interface? Simply advertise the loopback IP into OSPF and the other routers will know how to return the translated traffic.

Something like:

!
int fa0/0
  no ip nat outside
int fa0/1
  no ip nat outside
!
int loopback0
  ip address 10.4.3.254 255.255.255.0
  ip nat outside
!
router ospf 100
  network 10.4.3.0 0.0.0.255 area 0
!
no ip nat inside source static 192.168.1.1 10.4.0.5
no ip nat inside source static 192.168.1.2 10.4.1.5
!
ip nat inside source static 192.168.1.1 10.4.3.1
ip nat inside source static 192.168.1.2 10.4.3.2
!

cheers,

Seb.

An interesting solution, but not quite what I need. In my case, the server addresses should remain unchanged (10.4.0.5 & 10.4.1.5).

But thanks anyway!

a.alekseev
Level 7
ip route 10.4.0.0 255.255.254.0 null0 tag 999
!
route-map static2ospf
  match tag 999
!
router ospf 1
  redistribute static subnets route-map static2ospf

It Works!

Thank you!
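
Why the accepted solution keeps 10.4.0.5 and 10.4.1.5 reachable, as an added example that is not part of the original thread: a longest-prefix-match model of the neighbor at 10.4.0.1 and of the Cisco router. The neighbor's table, the alternate path over 10.4.2.0/24 and the unmapped address 10.4.0.77 are assumptions, since the topology picture is not reproduced here.

```python
import ipaddress

# Static NAT entries from the question: outside (global) -> inside (local).
STATIC_NAT = {"10.4.0.5": "192.168.1.1", "10.4.1.5": "192.168.1.2"}

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None

def neighbor_table(link_up, redistributed):
    """Assumed routing table of the router at 10.4.0.1 (server A2's side)."""
    table = [("172.21.1.0/24", "connected"),
             ("10.4.2.0/24", "connected"),
             ("10.4.1.0/24", "ospf via 10.4.2.0/24")]
    if link_up:
        # The connected /24 exists only while the 10.4.0.0/24 channel is up.
        table.append(("10.4.0.0/24", "connected"))
    if redistributed:
        # The tagged static /23 redistributed into OSPF by the Cisco router.
        table.append(("10.4.0.0/23", "ospf external via 10.4.2.0/24"))
    return table

def cisco_forward(dst, fa00_up=False):
    """Cisco router, outside-to-inside: NAT rewrites dst before the route lookup."""
    table = [("192.168.1.0/24", "FastEthernet1/0"),
             ("10.4.1.0/24", "FastEthernet0/1"),
             ("10.4.0.0/23", "Null0")]
    if fa00_up:
        table.append(("10.4.0.0/24", "FastEthernet0/0"))
    return lookup(table, STATIC_NAT.get(dst, dst))

if __name__ == "__main__":
    for up, redist in [(True, True), (False, False), (False, True)]:
        print("link up:", up, "redistributed:", redist, "->",
              lookup(neighbor_table(up, redist), "10.4.0.5"))
    print("NAT'd 10.4.0.5 at Cisco:", cisco_forward("10.4.0.5"))
    print("unmapped 10.4.0.77 at Cisco:", cisco_forward("10.4.0.77"))
```

While the channel is up the connected /24 still wins, so normal forwarding is unchanged. Addresses in the /23 that have no NAT entry and no live connected route are discarded at Null0 rather than forwarded.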