RE: OSPF and NAT probleme

From: Danny.Andaluz@triaton-na.com
Date: Tue Apr 15 2003 - 18:27:36 GMT-3

• Next message: Scott M. Livingston: "Aggregating DSCP values"
• Previous message: Danny.Andaluz@triaton-na.com: "test"
• Maybe in reply to: FATHALLAH: "OSPF and NAT probleme"
• Next in thread: Daniel Garrity: "RE: OSPF and NAT probleme"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have seen the same exact thing. What I've found in research is that only
traffic passing through the router should be NAT'ed, but what I've seen is
that traffic generated by the router itself (ie: ospf hello's) is NAT'ed as
well. I had to tie my NATing to an access-list that had a "deny ospf any
any" in it. Then it worked.

ip nat inside source list 101 int s0/1 overload
access-list 101 deny ospf any any
Access-list 101 permit ip any any

-----Original Message-----
From: Lupi, Guy [mailto:Guy.Lupi@eurekanetworks.net]
Sent: Tuesday, April 15, 2003 3:51 PM
To: 'FATHALLAH'; Ccielab
Cc: Hasnaa YOULAL
Subject: RE: OSPF and NAT probleme

Not really sure why the adjacency would go down, but what about trying a
more specific access list, like:

ip nat inside source list 101 int s0/1
access-list 101 permit ip any host [r2's loopback]

-----Original Message-----
From: FATHALLAH [mailto:sfathallah@mail.cbi.net.ma]
Sent: Tuesday, April 15, 2003 11:48 AM
To: Ccielab
Cc: Hasnaa YOULAL
Subject: OSPF and NAT probleme

Hi group,

is there any known probleme when runing ospf and NAT?.

I have two router R1 an R2 ( part of lab ).
R1 run ospf in Interface s0/1 conncting it to R2
and an other frame interface Interface s0/0 to the rest of the network.

R2 also run ospf in interface connecting it to R1 and in loopback interface.

R1 and the rest of the network must see R2 loopback interface but don't
give the R2 the visibility of the network ( all route must be filtred ).
there is no probleme at this stage.

a question tel : without any configuration in R2 give all routers in the
network the possibility to ping R2 loopback interface.

my solution witch is the same as the personne who give the lab, is NAT in R1
:

Hostname R1
!
ip nat inside source list 1 int s0/1

!
Interface s0/0
ip nat inside
!
Interface s0/1
ip nat outside

! access-list 1 permit any

the ping work few time, then ospf adgency betwen R1 and R2 gos down.

Please can some one help me there.

• Next message: Scott M. Livingston: "Aggregating DSCP values"
• Previous message: Danny.Andaluz@triaton-na.com: "test"
• Maybe in reply to: FATHALLAH: "OSPF and NAT probleme"
• Next in thread: Daniel Garrity: "RE: OSPF and NAT probleme"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:53 GMT-3