10-09-2014 04:28 AM - edited 03-07-2019 09:03 PM
Hi Guys,
I am currently trying to configure OSPF and NAT with a 3 Cisco router topology. I can ping the destination from my G0/0 interface 192.168.1.1 towards the 10.1.1.1 loopback IP, so OSPF is working and has built an adjacency with the connecting neighbors. I can source a ping from 10.1.1.1 towards the loopback 172.20.1.1, which works fine as well.
This is router A, which is connected to both routers. From this router I can't get an ICMP response towards the loopback of 10.1.1.1, however I can vice versa from 10.1.1.1 towards 172.20.1.1, so I definitely think this is a NAT configuration issue, as OSPF appears to be working fine on the two routers that don't have it configured. Am I meant to configure it on the other routers? (NAT)
interface Loopback0
ip address 172.20.1.1 255.255.255.248
ip nat inside
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.252
ip nat outside
duplex full
speed 1000
!
interface GigabitEthernet0/1
ip address 192.168.1.5 255.255.255.252
ip nat outside
duplex full
speed 1000
!
router ospf 1
log-adjacency-changes
router-id 1.1.1.1
network 172.20.1.0 0.0.0.7 area 0
network 192.168.1.4 0.0.0.3 area 0
network 192.168.1.0 0.0.0.3 area 0
!
ip nat pool 60days 192.168.20.0 192.168.20.6 netmask 255.255.255.248
ip nat inside source list 1 pool 60days
ip classless
!
!
access-list 1 permit host 172.20.1.1
!
end
When I check the nat translation and statistics it shows the following:
Router#sh ip nat transl
Pro   Inside global     Inside local    Outside local   Outside global
icmp  192.168.20.1:31   172.20.1.1:31   10.1.1.1:31     10.1.1.1:31
icmp  192.168.20.1:32   172.20.1.1:32   10.1.1.1:32     10.1.1.1:32
icmp  192.168.20.1:33   172.20.1.1:33   10.1.1.1:33     10.1.1.1:33
icmp  192.168.20.1:34   172.20.1.1:34   10.1.1.1:34     10.1.1.1:34
icmp  192.168.20.1:35   172.20.1.1:35   10.1.1.1:35     10.1.1.1:35
Router#sh ip nat stat
Total translations: 5 (0 static, 5 dynamic, 5 extended)
Outside Interfaces: GigabitEthernet0/0 , GigabitEthernet0/1
Inside Interfaces: Loopback0
Hits: 5 Misses: 65
Expired translations: 30
Dynamic mappings:
-- Inside Source
access-list 1 pool 60days refCount 5
pool 60days: netmask 255.255.255.248
start 192.168.20.0 end 192.168.20.6
type generic, total addresses 7 , allocated 1 (14%), misses 0
So to me, it appears it should be able to check that 172.20.1.1 is where it needs to go once it hits the router, but from the ICMP requests it appears with the 192.168.20.1 address, it just doesn't know where to send it back towards. Do I need to configure a route for the 192.168.20.1 address so that it knows to send it back towards this router? This doesn't appear to work as it isn't being picked up by the routing table, maybe because it isn't a configured IP address on an interface?
Router where 10.1.1.1 lies:
interface Loopback0
ip address 10.1.1.1 255.255.240.0
!
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.252
duplex full
speed 1000
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 192.168.1.0 0.0.0.3 area 0
network 10.1.0.0 0.0.15.255 area 0
!
Sorry if this is messy, please ask if you need any more information and I will supply it.
Thanks in advance,
Aaron
10-09-2014 04:37 AM
Hi,
So I have actually made it work now, with the use of a static route. Is this a necessity to be performed for NAT or should I be able to configure this with OSPF?
I have placed the static route on the 10.1.1.1 router and am getting ICMP responses, and it is translating correctly. But I'd rather be using OSPF instead of static routes.
Thanks
Aaron
11-04-2014 10:01 AM
If I'm understanding this correctly, you're using a pool of IPs for your NAT from a subnet that isn't in use on your network. That's not wrong per se but it's not the normal practice that I've seen. Normally, NAT either overloads an existing interface IP or uses IPs in the same subnet as an existing interface IP. Since the subnet isn't in use other than for NAT, it doesn't exist in your routing tables. If you can't use an existing subnet for your NAT IPs, you have to add the NAT subnet in some way. You can put a static route on Router A, since that's where the subnet originates, and redistribute it into OSPF for advertising to the rest of your network.
Since you have a loopback as your NAT inside, I assume this is a lab and not a real world scenario? You should be able to create another loopback interface and give it an IP in your NAT subnet and advertise that via OSPF. I haven't tested it but I don't see any reason that wouldn't work. That would allow you to avoid the static route but it's more of a contrived work-around than something I'd recommend for a real world scenario.
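An added example, not part of the thread or of any Cisco tooling: a small Python audit of the point made in the reply above, checking whether each NAT pool address falls inside a prefix that Router A would advertise into OSPF. The OSPF model is simplified (interface subnets matched by `network` statements, plus static routes when `redistribute static` is present), and the `Null0` next hop in the fix is an assumption, since the reply does not name one.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of Router A's config from the post.
ROUTER_A = """\
interface Loopback0
 ip address 172.20.1.1 255.255.255.248
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.1.5 255.255.255.252
router ospf 1
 network 172.20.1.0 0.0.0.7 area 0
 network 192.168.1.4 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.3 area 0
ip nat pool 60days 192.168.20.0 192.168.20.6 netmask 255.255.255.248
"""
# Lines added by the reply's first option (Null0 next hop is an assumption).
# This parser ignores section context, so they are simply appended.
FIX = "ip route 192.168.20.0 255.255.255.248 Null0\n redistribute static subnets\n"

def advertised(cfg):
    """Prefixes this config would inject into OSPF (simplified model)."""
    ifaces = [ipaddress.ip_interface(f"{a}/{m}")
              for a, m in re.findall(r"^\s*ip address (\S+) (\S+)", cfg, re.M)]
    nets = set()
    for base, wild in re.findall(r"^\s*network (\S+) (\S+) area", cfg, re.M):
        stmt = ipaddress.ip_network(f"{base}/{wild}")  # contiguous wildcard only
        nets |= {i.network for i in ifaces if i.ip in stmt}
    if re.search(r"^\s*redistribute static", cfg, re.M):
        nets |= {ipaddress.ip_network(f"{n}/{m}")
                 for n, m in re.findall(r"^\s*ip route (\S+) (\S+)", cfg, re.M)}
    return nets

def unreachable_pool_addrs(cfg):
    """NAT pool addresses that no advertised prefix covers, keyed by pool name."""
    nets = advertised(cfg)
    out = {}
    for name, start, end in re.findall(r"^\s*ip nat pool (\S+) (\S+) (\S+)", cfg, re.M):
        lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
        missing = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)
                   if not any(ipaddress.ip_address(n) in net for net in nets)]
        if missing:
            out[name] = missing
    return out

if __name__ == "__main__":
    print("before:", unreachable_pool_addrs(ROUTER_A))
    print("after: ", unreachable_pool_addrs(ROUTER_A + FIX))
```

With the posted config every address in pool `60days` is reported, which matches the symptom: the 10.1.1.1 router receives echo requests sourced from 192.168.20.1 and has no route on which to return the replies.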
11-28-2014 05:27 PM
Hello
Can you please post a small topology diagram to provide a simplistic view of your network?
res
Paul