cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2723
Views
0
Helpful
50
Replies

Re: ISM with NAT44 - Need help with configuration

Hi Somnath/Harold,

How can I address this issue? Once I need to have my GRE tunnel and interface BE (

inside NAT traffic enters) on the same routing table. Can't I use the global table as my NAT IN?

Thanks

Renato

Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

The inside interface must be in a VRF but the outside interface can be in the global routing table.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

This is what you have so far (for NAT):

bundle-ether 2 (NAT_IN) -- ISM -- bundle-ether 21 (NAT_OUT).

Now, if you want to send the NAT'ed traffic over a GRE tunnel, you need to do the following:

bundle-ether 2 (NAT_IN) -- ISM -- bundle-ether 21 (NAT_OUT) -- loopback cable(s) -- bundle-ether 22 (BLUE) -- Tunnel-IP 101 (BLUE)

This is because as I mentioned earlier, ISM traffic cannot be sent to / come from GRE tunnel directly.

Let me know if that works.

regards,

Somnath.

Re: ISM with NAT44 - Need help with configuration

Hi Somnath,

Thank you for your attention again. Yes, that's the exactly the configurations I have, but the problem is, once

GRE tunnel currently only supports src/dst resolution in the global routing table and my

src/dst will be in routing table NAT_IN VRF, will I have to use MP-BGP to redistribute my

tunnel's src/dst from VRF NAT_IN to the global table?

Thanks in advance,

Renato Reis

Highlighted
Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

One way to solve this restriction would be to have two interfaces (physical or logical) connected to the network. One would be in teh VRF and the other in the global.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Re: ISM with NAT44 - Need help with configuration

Hi Harold,

You hit the nail right on the head, that's the same solution we found. Now I'm gathering some thoubleshootong commands to check if it's working and test it on a production enviroment.

Thank you Harold and Somnath !!!

Regards,

Renato

Re: ISM with NAT44 - Need help with configuration

HiSomnath Roy,

Is there a command that shows me the inside address, like show ip nat translations on regular IOS? Could you provide me some troubleshooting commands for CGN on ISM?

Thank you !

Renato

Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

You can use the following command:

show cgn nat44 nat1 outside-translation protocol udp outside-address <100.200.2.75> port start <1> end <65535>

Other commands useful would be:

show cgn nat44 inside-translation ...

show cgn nat44 pool-utilization ...

show cgn nat44 statistics ...

CCO documentation for all commands are available at - http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/command/reference/b_cgnat_cr42crs_chapter_01.html.

Please use the commands related to NAT44 as that is what you're using.

regards,

Somnath.

Re: ISM with NAT44 - Need help with configuration

Thank you Somnath !

[]'s

Renato Reis

Re: ISM with NAT44 - Need help with configuration

Hi Somnath,

Hope you are doing well ! Is there any MIB that I can use to monitor the NAT sessions and statistics?

Thanks in advance,

Renato Reis

Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

We do not support any CGN MIB yet.

You can possibly use some scripts to capture CLI output periodically.

regards,

Somnath.

Re: ISM with NAT44 - Need help with configuration

Thank you Somnath,

I have one more question, What is the impact of changing the [map outside-vrf NAT_OUT address-pool]? I'm asking that because I realized the router is using the network and also the broadcast address of the network I configured as my NAT pool as a valid IP address for translations, I guess I have to avoid it !

Thank you,

Renato

Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

Sorry, I could not get your question properly.

If you want to change the address pool while NAT traffic is going on, during the time you're changing the address, traffic will be dropped by CGv6 Application (with "No CGN Config" kind of message).

Once you configure new address pool, you may need to change your static route entry to divert O2I traffic properly.

It is ok to include .0 / .255 in the public IP pool (if that it what you're referring) - there should not be any issue.

regards,

Somnath.

Re: ISM with NAT44 - Need help with configuration

Hi Somnath,

Thank you again ! Actually I wondering if using .0 / .255 could be an issue thats why I asked of changing the address pool would be a problem. I'm glad there is no problem using the network and broadcast address.

PS: I'd like to thank you for all your help, now we have GCN with ISM working on a production environment.

Thanks,

Renato

Cisco Employee

Re: ISM with NAT44 - Need help with configuration

Hi Renato,

           

That is a great news ! Congratulations !!

Glad to help you out !

It would be great if you can post the final configuration that you're using for your deployment here along with some of the "show" command output (like, 'show cgn ...', 'show interfaces service* [accounting]', etc.).

regards,

Somnath.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards