From: Arun Arumuganainar (aarumuga@hotmail.com)
Date: Wed Apr 05 2006 - 11:30:43 GMT-3
If you are using 12.1 or later, you might need to use an extended ACL. Your
sample config might look like this:
interface Ethernet 1
 ip address 204.12.1.1 255.255.255.0
 ip nat outside
!
ip nat inside source list 105 interface Ethernet 1 overload
access-list 105 permit ip 183.1.0.0 0.0.255.255 any
Please note: use an extended ACL instead of a standard ACL.
Why is it happening here?
~~~~~~~~~~~~~~~~~~~
Actually, when outside NAT is enabled on an interface and an incoming
packet is received, the router tries to refer to the NAT table. If an entry
is there, the packet is forwarded; otherwise it is dropped. Please note:
following this logic, your BGP packets are continuously dropped and never
reach the router at all!
With an extended ACL the behavior is slightly different: if no matching entry
is found in the NAT table, the packet is handed over to the processor on the
assumption that it is destined for the interface.
Please let me know if this workaround solves the problem.
Thanks and Regards
Arun
----- Original Message -----
From: "Mohammed Shameen Abdul Jabbar" <ccie.xpert@gmail.com>
To: "Petr Lapukhov" <petrsoft@gmail.com>
Cc: "Cisco certification" <ccielab@groupstudy.com>
Sent: Wednesday, April 05, 2006 2:13 PM
Subject: Re: IEWB - VOL 1 , LAB 1 , Q 12.8
> Thanks, Petr, for your reply. It was a problem with an extra access-list.
> The problem of BGP neighbor formation is solved.
>
> I have a different issue now.
> As per the lab requirements, "BB3 and its customers should not have
> specific reachability information about your network. Instead, BB3
> should only have reachability to the network behind R3, if a
> connection is initiated from inside R3 network"
>
> This is not happening. I am able to ping the IPs behind R3 even if a
> connection is not initiated from the network behind R3.
>
> The routing table of BB3 is as follows:
> BB3#sh ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> C 204.12.1.0/24 is directly connected, Ethernet0
> 2.0.0.0/24 is subnetted, 1 subnets
> B 2.2.2.0 [20/0] via 204.12.1.3, 00:21:07
> 3.0.0.0/24 is subnetted, 1 subnets
> C 3.3.3.0 is directly connected, Loopback0
> 54.0.0.0/24 is subnetted, 1 subnets
> B 54.1.1.0 [20/0] via 204.12.1.3, 00:21:07
> 172.21.0.0/32 is subnetted, 1 subnets
> B 172.21.1.1 [20/0] via 204.12.1.3, 00:21:07
> 10.0.0.0/24 is subnetted, 1 subnets
> C 10.10.10.0 is directly connected, Loopback10
> 183.1.0.0/24 is subnetted, 6 subnets
> B 183.1.58.0 [20/0] via 204.12.1.3, 00:21:08
> B 183.1.46.0 [20/0] via 204.12.1.3, 00:21:09
> B 183.1.17.0 [20/0] via 204.12.1.3, 00:21:09
> B 183.1.2.0 [20/0] via 204.12.1.3, 00:21:09
> B 183.1.0.0 [20/0] via 204.12.1.3, 00:21:09
> B 183.1.123.0 [20/0] via 204.12.1.3, 00:21:09
> B 192.10.1.0/24 [20/0] via 204.12.1.3, 00:21:09
> 150.1.0.0/24 is subnetted, 8 subnets
> B 150.1.7.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.6.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.5.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.4.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.3.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.2.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.1.0 [20/0] via 204.12.1.3, 00:21:09
> B 150.1.11.0 [20/0] via 204.12.1.3, 00:21:09
>
> The nat config on R3 is below:
>
> ip nat inside source list 2 interface Ethernet0/0 overload
> access-list 2 permit 183.1.0.0 0.0.255.255
>
> I am not sure whether I am meeting the requirements of the question here.
>
> On 4/5/06, Petr Lapukhov <petrsoft@gmail.com> wrote:
> > Hello,
> >
> > Provide your configuration snapshot, please.
> >
> > You probably forgot to use the "overload" keyword,
> > or something :)
> >
> > Petr
> >
> > 2006/4/5, Mohammed Shameen Abdul Jabbar <ccie.xpert@gmail.com>:
> > >
> > > Hi everyone,
> > >
> > > I am doing my IE labs.
> > >
> > > Host network -------- R3 ---EBGP--- BB3
> > >
> > > In the scenario I am in, it requires me to configure NAT on R3 so
> > > that any IP behind R3 can communicate with BB3, but BB3 can
> > > communicate with the IPs behind R3 only if a communication was
> > > initiated by hosts behind R3.
> > >
> > > If NAT is not configured, everything works perfectly. The BGP session
> > > is established, the networks are advertised as required. But as soon
> > > as NAT is configured, the BGP session drops. And I lose all my
> > > NLRIs.
> > >
> > > I know there's something wrong I am doing. I will just go through
> > > examples of BGP on www.cisco.com and will try to find out. Any inputs
> > > will be highly appreciated.
> > >
> > > regards
> > > shamin
> > >
> > >
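Added example, not part of the original thread: a check of the quoted lab requirement ("BB3 and its customers should not have specific reachability information about your network") against the BB3 routing table posted above. It lists the BGP-learned prefixes that fall inside the range matched by the NAT access-list; the function names and the shortened sample table are constructed for this illustration.

```python
import ipaddress
import re

# Constructed sample: a subset of the BB3 "sh ip route" lines quoted in the thread.
SAMPLE_ROUTES = """\
C    204.12.1.0/24 is directly connected, Ethernet0
     2.0.0.0/24 is subnetted, 1 subnets
B       2.2.2.0 [20/0] via 204.12.1.3, 00:21:07
     183.1.0.0/24 is subnetted, 6 subnets
B       183.1.58.0 [20/0] via 204.12.1.3, 00:21:08
B       183.1.46.0 [20/0] via 204.12.1.3, 00:21:09
B       183.1.0.0 [20/0] via 204.12.1.3, 00:21:09
B    192.10.1.0/24 [20/0] via 204.12.1.3, 00:21:09
     150.1.0.0/24 is subnetted, 8 subnets
B       150.1.7.0 [20/0] via 204.12.1.3, 00:21:09
"""

PARENT = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+) is subnetted")
ROUTE = re.compile(r"^B\*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+\[")

def acl_to_network(addr, wildcard):
    """Convert an ACL address/wildcard pair (contiguous wildcard only) to a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard mask: " + wildcard)
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def bgp_routes(show_ip_route):
    """Yield BGP-learned prefixes; a bare subnet takes its mask from the parent line."""
    parent_len = None
    for raw in show_ip_route.splitlines():
        line = raw.lstrip("> \t")  # tolerate indentation and e-mail quote markers
        m = PARENT.match(line)
        if m:
            parent_len = int(m.group(2))
            continue
        m = ROUTE.match(line)
        if m:
            plen = int(m.group(2)) if m.group(2) else parent_len
            if plen is not None:
                yield ipaddress.ip_network(f"{m.group(1)}/{plen}", strict=False)

def leaked_inside_routes(show_ip_route, acl_addr, acl_wildcard):
    """Return BGP routes on the neighbor that lie inside the NAT source range."""
    inside = acl_to_network(acl_addr, acl_wildcard)
    return [str(n) for n in bgp_routes(show_ip_route) if n.subnet_of(inside)]

if __name__ == "__main__":
    print(leaked_inside_routes(SAMPLE_ROUTES, "183.1.0.0", "0.0.255.255"))
```

An empty list means the neighbor holds no BGP route into the translated range; any entry is a specific prefix that lets it reach inside hosts directly, without a translation having been created first.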