Solved: OSPF and NAT Problems

martinezaw · ‎10-13-2008

I am doing a lab with two 2600 routers with OSPF and NAT. For some reason, the "remote" router for some reason isn't seeing my NAT's block of IP addresses. Can anyone look at my config below and tell what could be wrong?

hostname ACME

!

ip ssh version 1

!

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0

ip address 200.0.0.6 255.255.255.252

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

interface Serial0/3

no ip address

shutdown

!

interface FastEthernet1/0

no ip address

duplex auto

speed auto

shutdown

!

interface FastEthernet1/1

no ip address

duplex auto

speed auto

shutdown

!

router ospf 1

log-adjacency-changes

network 200.0.0.4 0.0.0.3 area 0

network 64.64.64.0 0.0.0.255 area 0

!

ip nat pool acme_access 64.64.64.1 64.64.64.254 netmask 255.255.255.0

ip nat inside source list 1 pool acme_access

ip classless

!

access-list 1 permit 10.0.0.0 0.0.0.255

!

line con 0

line vty 0 4

login

!

end

BTW... OSPF works with just using the private addresses, but as soon as I try to introduce NAT...>poof<... no connectivity.

Jon Marshall · ‎10-13-2008

The network command under OSPF configuration does not tell OSPF to advertise that network. It tells OSPF to run OSPF on any interface that falls under the 64.64.64.0/24 ip range.

You will need an interface from that range. You can use a loopback address for this

int loopback 10

ip address 64.64.64.1 255.255.255.0

ip ospf network point-to-point

Note that you need the "ip ospf network point-to-point" line otherwise OSPF will advertise a host route for the loopback.

Jon

View solution in original post

Jon Marshall · ‎10-13-2008

Glad you got it working.

The network statement does the same thing under EIGRP/RIP as it does under OSPF. So yes you would need to create an interface but you don't need an equivalent to the ""ip ospf network point-to-point" as it is a specific thing to OSPF that loopbacks get advertised as host routes by default.

Jon

View solution in original post

Jon Marshall · ‎10-13-2008

The network command under OSPF configuration does not tell OSPF to advertise that network. It tells OSPF to run OSPF on any interface that falls under the 64.64.64.0/24 ip range.

You will need an interface from that range. You can use a loopback address for this

int loopback 10

ip address 64.64.64.1 255.255.255.0

ip ospf network point-to-point

Note that you need the "ip ospf network point-to-point" line otherwise OSPF will advertise a host route for the loopback.

Jon

martinezaw · ‎10-13-2008

I have actually updated the config:

hostname ACME

!

ip ssh version 1

!

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0

ip address 200.0.0.6 255.255.255.252

ip nat outside

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

interface Serial0/3

no ip address

shutdown

!

interface FastEthernet1/0

no ip address

duplex auto

speed auto

shutdown

!

interface FastEthernet1/1

no ip address

duplex auto

speed auto

shutdown

!

router ospf 1

log-adjacency-changes

network 200.0.0.4 0.0.0.3 area 0

network 64.64.64.0 0.0.0.255 area 0

!

ip nat pool acme_access 64.64.64.1 64.64.64.254 netmask 255.255.255.0

ip nat inside source list 1 pool acme_access

ip classless

!

access-list 1 permit 10.0.0.0 0.0.0.255

!

line con 0

line vty 0 4

login

!

end

Jon... thanks for responding! I will try out your config change when I get access on the routers again... which hopefull will be tonight

Jon Marshall · ‎10-13-2008

Not sure what you mean here ?

martinezaw · ‎10-13-2008

I realized that on the first config I posted, I did not have ip nat inside and ip nat outside on the appropriate interfaces, so I added that to the second config I posted.... just in case somebody tried to point that out to me.

I can't wait to try out your solution though. Thanks, again!

Jon Marshall · ‎10-13-2008

Oh okay, no problem. Let me know how you get on.

Jon

martinezaw · ‎10-13-2008

It worked!!

Thanks A LOT Jon!

It even worked with me running VLANs. Cool.

One more thing though... what if the protocol I used was EIGRP or RIP? Would I still have to have a loopback address and if so, is there an equivalent EIGRP / RIP command for "ip ospf network point-to-point"...as in a command that does the same thing for those protocols?

Jon Marshall · ‎10-13-2008

Glad you got it working.

The network statement does the same thing under EIGRP/RIP as it does under OSPF. So yes you would need to create an interface but you don't need an equivalent to the ""ip ospf network point-to-point" as it is a specific thing to OSPF that loopbacks get advertised as host routes by default.

Jon