From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Aug 17 2004 - 11:49:09 GMT-3

Edi,

Do something like this:

access-list 100 deny tcp any any eq bgp
access-list 100 deny tcp any eq bgp any
access-list 100 permit ip any any
!
ip nat inside source list 100 interface FastEthernet0/1 overload

HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Edi Guntoro
> Sent: Tuesday, August 17, 2004 5:12 AM
> To: Lee Donald; ccielab@groupstudy.com
> Subject: RE: BGP adj down when activating NAT outside
>
> Thanks Lee,
> Here is the config. My understanding is that the access-list will not
> deny any BGP session, or am I wrong?
>
> interface FastEthernet0/0
>  ip address 204.12.1.6 255.255.255.0
>  ip nat inside
>  ip router isis
>  duplex auto
>  speed auto
>  isis circuit-type level-2-only
> !
> interface FastEthernet0/1
>  ip address 54.1.8.6 255.255.255.0
>  ip nat outside
>  ip router isis
>  duplex auto
>  speed auto
>  isis circuit-type level-1
> !
> ip nat inside source list 1 interface FastEthernet0/1 overload
> !
> access-list 1 permit any
>
> Rgds,
> Edi
>
>
> -----Original Message-----
> From: Lee Donald [mailto:Lee.Donald@t-systems.co.uk]
> Sent: Tuesday, August 17, 2004 4:33 PM
> To: Edi Guntoro; ccielab@groupstudy.com
> Subject: RE: BGP adj down when activating NAT outside
>
>
> Because NAT changes the TCP port as well. The access-list that NAT
> refers to, alter that and deny the BGP peer in the NAT list, and that
> should work.
>
>
>
> -----Original Message-----
> From: Edi Guntoro [mailto:eguntoro@sisindosat.co.id]
> Sent: 17 August 2004 10:20
> To: ccielab@groupstudy.com
> Subject: BGP adj down when activating NAT outside
>
> Hi all,
> Just curious why, when I enable nat outside on the interface connecting
> to the BGP speaker, the adjacency won't come up. Is there any correlation?
> Any advice will be appreciated.
>
> Thanks
> Edi
>
> Rack1R6#sh ip bgp sum
> BGP router identifier 150.1.6.6, local AS number 100
> BGP table version is 14, main routing table version 14
> 13 network entries using 1313 bytes of memory
> 23 path entries using 1104 bytes of memory
> 8 BGP path attribute entries using 480 bytes of memory
> 1 BGP rrinfo entries using 24 bytes of memory
> 3 BGP AS-PATH entries using 72 bytes of memory
> 1 BGP community entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP using 3017 total bytes of memory
> BGP activity 13/0 prefixes, 23/0 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 54.1.8.254      4    54       0       3        0    0    0 never    OpenSent ---------- with nat enable
> 150.1.3.3       4   100      14      13       14    0    0 00:05:44       13
> 204.12.1.254    4    54      14      10       14    0    0 00:05:54       10
>
> Rack1R6(config-if)#no ip nat outside
> Rack1R6(config-if)#exi
> Rack1R6(config)#exi
> Rack1R6#clea ip bgp 54.1.8.254
> Rack1R6#
> *Aug 16 14:13:36.083: %BGP-5-ADJCHANGE: neighbor 54.1.8.254 Up
> Rack1R6#
> Rack1R6#sh ip bgp sum
> BGP router identifier 150.1.6.6, local AS number 100
> BGP table version is 14, main routing table version 14
> 13 network entries using 1313 bytes of memory
> 33 path entries using 1584 bytes of memory
> 10 BGP path attribute entries using 600 bytes of memory
> 1 BGP rrinfo entries using 24 bytes of memory
> 3 BGP AS-PATH entries using 72 bytes of memory
> 1 BGP community entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP using 3617 total bytes of memory
> BGP activity 13/0 prefixes, 33/0 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 54.1.8.254      4    54       9      13       14    0    0 00:01:38       10
> 150.1.3.3       4   100      17      16       14    0    0 00:08:42       13
> 204.12.1.254    4    54      17      13       14    0    0 00:08:52       10
> Rack1R6#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Rack1R6(config)#
> Rack1R6(config)#int f0/1
> Rack1R6(config-if)#ip nat
> Rack1R6(config-if)#ip nat ou
> Rack1R6(config-if)#ip nat outside
> Rack1R6(config-if)#
> *Aug 16 14:15:37.311: %BGP-5-ADJCHANGE: neighbor 54.1.8.254 Down Peer closed the session
>
>
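
The following is an added example, not part of the original thread: a simplified first-match model of the two NAT source lists quoted above (`access-list 1` and `access-list 100`), showing which flows each list selects as candidates for translation. It handles only the `any` address form used in the thread; the flows and their ephemeral port numbers are constructed for illustration.

```python
# Added example: first-match model of the NAT source lists from this thread.
PORTS = {"bgp": 179}  # IOS keyword "bgp" means TCP port 179

ACL_1 = ["access-list 1 permit any"]
ACL_100 = ["access-list 100 deny tcp any any eq bgp",
           "access-list 100 deny tcp any eq bgp any",
           "access-list 100 permit ip any any"]

def parse_ace(line):
    """Parse one ACL line; only the 'any' address form used in the thread."""
    tok = line.lower().split()[2:]           # drop "access-list <number>"
    rule = {"permit": tok[0] == "permit", "proto": "ip", "sport": None, "dport": None}
    if tok[1] not in ("ip", "tcp", "udp"):   # standard ACL such as "permit any"
        return rule
    rule["proto"], rest = tok[1], tok[2:]
    for field in ("sport", "dport"):         # source spec, then destination spec
        if rest[:1] != ["any"]:
            raise ValueError("only 'any' addresses are modelled: " + line)
        rest = rest[1:]
        if rest[:1] == ["eq"]:
            rule[field] = PORTS.get(rest[1]) or int(rest[1])
            rest = rest[2:]
    return rule

def selected_for_nat(acl, flow):
    """True if the first matching line permits the flow (candidate for translation)."""
    for rule in map(parse_ace, acl):
        if rule["proto"] not in ("ip", flow["proto"]):
            continue
        if rule["sport"] not in (None, flow["sport"]):
            continue
        if rule["dport"] not in (None, flow["dport"]):
            continue
        return rule["permit"]
    return False                             # implicit deny ends every ACL

# Constructed flows; the ephemeral port numbers are made up for illustration.
FLOWS = {
    "bgp, local side opened": {"proto": "tcp", "sport": 11000, "dport": 179},
    "bgp, peer side opened":  {"proto": "tcp", "sport": 179, "dport": 11001},
    "http":                   {"proto": "tcp", "sport": 40000, "dport": 80},
    "icmp":                   {"proto": "icmp", "sport": None, "dport": None},
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(f"{name:24} list 1: {selected_for_nat(ACL_1, flow)!s:6}"
              f" list 100: {selected_for_nat(ACL_100, flow)}")
```

Dropping the second `deny` line from list 100 leaves the session opened by the peer (source port 179) selected for translation, which is why the suggested list matches port 179 on both the source and destination side.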
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:44 GMT-3