Solved: Public network behind BGP on VLAN

radupavloff · ‎06-28-2016

Hello,

I have an issue. I can't connect to any of the IP 193.104.x.x/24 from outside my network.

WAN INTERFACE:

interface GigabitEthernet8
description Link-GTS
ip address 85.9.x.x 255.255.255.252 secondary
ip address 193.226.x.x 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto

LAN INTERFACE:

interface Vlan1
ip address 193.104.x.x 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in

ip nat inside source list NET_GTS_ACL interface GigabitEthernet8 overload

ip route 0.0.0.0 0.0.0.0 193.226.x.x track 1
ip route 0.0.0.0 0.0.0.0 89.18.x.x 10

ip access-list standard NET_GTS_ACL
remark CCP_ACL Category=18
permit 193.104.5.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 192.168.10.0 0.0.0.255

Francesco Molino · ‎06-28-2016

Hi

I'm not sure I get your concern.

You want from outside to reach your secondary IP on vlan1 right?

Why are you natting this public network to your WAN interface?

From outside does this 193.104.x.x networks is known? I mean, from extern host, do they know to go through your 193.226.x.x network to reach 193.104.x.x subnet? Or are you advertising this network over BGP?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎06-28-2016

Hi

I'm not sure I get your concern.

You want from outside to reach your secondary IP on vlan1 right?

Why are you natting this public network to your WAN interface?

From outside does this 193.104.x.x networks is known? I mean, from extern host, do they know to go through your 193.226.x.x network to reach 193.104.x.x subnet? Or are you advertising this network over BGP?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

radupavloff · ‎06-28-2016

Hi,

I'm advertising through bgp.

router bgp AS
bgp log-neighbor-changes
network 193.104.x.0
neighbor 85.9.x.x remote-as 5588
neighbor 85.9.x.x description gts
neighbor 85.9.x.x next-hop-self
neighbor 85.9.x.x send-community
neighbor 85.9.x.x soft-reconfiguration inbound

Francesco Molino · ‎06-29-2016

Hi

If you're advertising this network, as it is a public IP you should be able to reach it.

However I'm sorry but I didn't get you why you're natting this subnet.

When you're saying that you can't access it, how do you test it and do you see packets arriving on that router from external hosts?

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

radupavloff · ‎06-29-2016

I had NAT for that subnet on another backup interface. Thanks!