Hi, We have a POP with ASR 1002 for BNG and CGNAT. The problem is with the configuration of cgnat, we can't access the cpe from outside of asr by interface of uplink. We tried to accept by using an access list, but without success. Follow the configuration: interface Port-channel1.1138 encapsulation dot1Q 1138 ip address 10.1.38.5 255.255.255.248 ip nat outside ! interface Virtual-Template1 mtu 1480 ip unnumbered Loopback0 ip nat inside ip tcp adjust-mss 1452 peer default ip address pool pool_cisco ipv6 enable ipv6 nd ra lifetime 21600 ipv6 nd ra interval 4 3 ipv6 dhcp server dhcpv6 ppp mtu adaptive ppp authentication pap ppp ipcp dns 22.214.171.124 ppp ipcp address required ppp ipcp address unique ppp timeout authentication 20 ! ip local pool pool_cisco 10.38.0.0 10.38.3.255 ip local pool pool_bloqueado 10.24.0.0 10.24.3.254 ip nat settings mode cgn no ip nat settings support mapping outside ip nat translation max-entries 247483647 ip nat pool nat_32 x.y.z.0 x.y.z.63 prefix-length 26 ip nat inside source list 1 pool nat_32 overload ip forward-protocol nd ! access-list 1 permit 10.38.0.0 0.0.3.255Â If we take out the setting "ip nat outside" of interface, we can access normally the cpe.
... View more