Natting with BGP routes

ICFCISCO1
Level 1

Hello,

I have a problem with doing NAT and BGP dynamic routes. I have the following configuration, which works perfectly.

interface GigabitEthernet0/0.150
 encapsulation dot1Q 150
 ip address 90.90.90.33 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface GigabitEthernet0/0.160
 encapsulation dot1Q 160
 ip address 90.90.100.33 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface GigabitEthernet0/1.204
 encapsulation dot1Q 204
 ip address 100.230.64.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip routing
!
ip nat inside source list NAT2A interface GigabitEthernet0/0.150 overload
ip nat inside source list NAT2B interface GigabitEthernet0/0.160 overload
ip route 90.1.1.0 255.255.255.0 90.90.90.32
ip route 90.1.2.0 255.255.255.0 90.90.100.32
!
ip access-list extended NAT2A
 permit ip 100.230.64.0 0.0.0.255 90.1.1.0 0.0.0.255
ip access-list extended NAT2B
 permit ip 100.230.64.0 0.0.0.255 90.1.2.0 0.0.0.255
!

Now I would like to replace the static routes with BGP dynamic routes. If I do so (remove the static routes and add BGP), NATting does not work any more. It seems that NAT will not work with non-static routes. BGP is advertising all necessary routes, but NAT will not use them. Does anybody know a solution for this?

Kind Regards

milan.kulik
Level 10

Hi,

NAT should be working no matter whether static or dynamic routing is being used.

You just need to get proper routes on all sites.

I understand if you remove the static routes you are getting the routes for 90.1.1.0/24 and 90.1.2.0/24 via BGP?

As you are using the interface IP addresses as the global NATed addresses, are you able to ping the target hosts in 90.1.1.0/24 and 90.1.2.0/24 from the router (source address 90.90.90.33 or 90.90.100.33)?

If not:

Are you enabling BGP just on your site or also on the remote site at the same time?

Isn't some kind of NAT also applied on the remote site?

What does your BGP peering look like exactly?

HTH,

Milan

Raju Sekharan
Cisco Employee

Hi

You need to check if BGP is installing those routes in the routing table.

Please check if the routes are there in the routing table when you configure BGP instead of static routes:

show ip route 90.1.1.0
show ip route 90.1.2.0

Thank you

Raju

Hi,

I am only doing NAT on this router.
BGP peering is OK.

Routing is working fine with BGP routes (without NAT).
The routing table is fine on both sides.
Ping is working too (without NAT, also end-to-end, routed).

Notice:

I do not have any default route. It does not work even if I have one.

Some details of the Router

Cisco 2901 512Ram 256Flash

c2900-universalk9-mz.SPA.150-1.M2.bin (now running this IOS. NAT only working with static routes)

c2900-universalk9-mz.SPA.150-1.M4.bin (previously running this IOS. NAT only working with static routes)

Since this is such an easy setup and I am doing NAT/routing/BGP on many of my routers (first time NAT + BGP), I do not understand why this is not working.

Hi Andre,

Did you check show ip nat translations to see if NATing was happening?

If you are not seeing NAT translations, we need to debug this:

deb ip nat

Thank you

Raju

Hi,

I suppose you are peering with 90.90.90.32 and 90.90.100.32 as BGP neighbours?

And the BGP routes for 90.1.1.0/24 and 90.1.2.0/24 are showing them as the next hops?

BR,

Milan
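
The next-hop question in the reply above can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses the posted NAT configuration and, for each NAT rule, confirms that the best route to the ACL's destination leaves through the same NAT outside interface whose address the rule overloads. The function names are hypothetical, the route list is assumed to be copied by hand from `show ip route`, and only the command forms that appear in the posted configuration are handled.

```python
import ipaddress as ipa
# Constructed input: outside interfaces, NAT rules and ACLs from the posted configuration.
CONFIG = """\
interface GigabitEthernet0/0.150
 ip address 90.90.90.33 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0.160
 ip address 90.90.100.33 255.255.255.0
 ip nat outside
ip nat inside source list NAT2A interface GigabitEthernet0/0.150 overload
ip nat inside source list NAT2B interface GigabitEthernet0/0.160 overload
ip access-list extended NAT2A
 permit ip 100.230.64.0 0.0.0.255 90.1.1.0 0.0.0.255
ip access-list extended NAT2B
 permit ip 100.230.64.0 0.0.0.255 90.1.2.0 0.0.0.255
"""

def parse(config):
    ifaces, rules, acls, ctx = {}, {}, {}, None
    for w in map(str.split, config.splitlines()):
        if w[:1] == ["interface"]:
            ctx = ifaces.setdefault(w[1], {})
        elif w[:3] == ["ip", "access-list", "extended"]:
            ctx = acls.setdefault(w[3], [])
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            rules[w[5]] = w[7]  # ACL name -> interface whose address is overloaded
        elif w[:2] == ["ip", "address"] and isinstance(ctx, dict):
            ctx["net"] = ipa.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["ip", "nat"] and isinstance(ctx, dict):
            ctx["nat"] = w[2]   # "inside" or "outside"
        elif w[:2] == ["permit", "ip"] and isinstance(ctx, list):
            ctx.append(ipa.ip_network(f"{w[4]}/{w[5]}"))  # destination + wildcard mask
    return ifaces, rules, acls

def check(config, routes):  # routes: [(prefix, next_hop)] as strings
    ifaces, rules, acls = parse(config)
    rib, out = [(ipa.ip_network(p), ipa.ip_address(nh)) for p, nh in routes], {}
    for acl, nat_if in rules.items():
        for dest in acls.get(acl, []):
            hits = [r for r in rib if dest.subnet_of(r[0])]
            if not hits:
                out[acl] = f"no route covers {dest}"
                continue
            nh = max(hits, key=lambda r: r[0].prefixlen)[1]  # longest-prefix match
            egress = next((n for n, i in ifaces.items() if nh in i.get("net", ())), None)
            if egress is None or ifaces[egress].get("nat") != "outside":
                out[acl] = f"next hop {nh} is not on a NAT outside interface"
            else:
                out[acl] = "ok" if egress == nat_if else f"exits {egress}, NAT uses {nat_if}"
    return out
```

Calling `check(CONFIG, [("90.1.1.0/24", "90.90.90.32"), ("90.1.2.0/24", "90.90.100.32")])` with the next hops of the original static routes reports both rules as "ok"; replacing the list with the next hops that BGP actually installs shows whether the two setups are equivalent from NAT's point of view.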
