Re: BGP with NAT

From: Udo (ccie_groupstudy@yahoo.de)
Date: Sat Sep 16 2006 - 11:55:16 ART


Pierre

I'm confused about the question... please can you tell me what is the inside
network and what is the BGP backbone?
because this scenario is also one of my tasks and I don't understand
what I should do...

thanks
udo

> "Any" does work. What does not work is "any any" in the last line of the
> access-list.
>
> Cannot explain why though ...
>
> Here it is labbed:
>
> access-list 104 deny tcp host 192.168.14.1 eq bgp host 192.168.14.2
> access-list 104 deny tcp host 192.168.14.2 eq bgp host 192.168.14.1
> access-list 104 permit ip 192.168.15.0 0.0.0.255 any
>
>
> (192.168.14.1 and 192.168.14.2 are the ebgp hosts, 192.168.15.0/24 is a
> subnet in the inside network)
>
> Doing a ping from the inside subnet:
>
> r4#sh ip nat tr
> Pro Inside global Inside local Outside local Outside global
> icmp 192.168.14.1:174 192.168.15.1:174 150.1.2.2:174 150.1.2.2:174
> icmp 192.168.14.1:175 192.168.15.1:175 150.1.2.2:175 150.1.2.2:175
> icmp 192.168.14.1:176 192.168.15.1:176 150.1.2.2:176 150.1.2.2:176
> icmp 192.168.14.1:177 192.168.15.1:177 150.1.2.2:177 150.1.2.2:177
> icmp 192.168.14.1:178 192.168.15.1:178 150.1.2.2:178 150.1.2.2:178
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
> 192.168.14.2 4 200 30 31 6 0 0 00:09:05 1 ---------------> UP for 9 minutes
>
> NB: if you use "any any" in the last line of the access-list you get
>
> r4#sh ip nat tr
> Pro Inside global Inside local Outside local Outside global
> tcp 192.168.14.1:1030 192.168.14.1:45549 192.168.14.2:179 192.168.14.2:179
>
> and then
>
> r4#
> *Mar 1 02:52:43.512: BGP: 192.168.14.2 open active, local address 192.168.14.1
> *Mar 1 02:52:43.520: BGP: 192.168.14.2 open failed: Connection refused by remote host
>
>
> ----- Original Message -----
> From: "shha" <shha77@gmail.com>
> To: "xprtofnet" <xprtofnet@yahoo.com>
> Cc: "Brian Dennis" <bdennis@internetworkexpert.com>; "ccielab"
> <ccielab@groupstudy.com>
> Sent: Friday, September 15, 2006 1:17 AM
> Subject: Re: BGP with NAT
>
>
> > or add
> > ip nat inside source static tcp x.x.x.x 179 x.x.x.x 179
> >
> >
> >
> > On 9/14/06, shha <shha77@gmail.com> wrote:
> >>
> >> change access-list to point to inside network, don't use any to solve the
> >> problem
> >>
> >>
> >> On 9/14/06, xprtofnet <xprtofnet@yahoo.com> wrote:
> >> >
> >> > this is also working..
> >> >
> >> > !
> >> > ip nat pool a 220.0.0.1 220.0.0.1 netmask 255.255.255.0
> >> > ip nat inside source list 1 pool a
> >> > !
> >> > access-list 1 permit any
> >> >
> >> >
> >> >
> >> > --- Brian Dennis <bdennis@internetworkexpert.com> wrote:
> >> >
> >> > > What does your ACL look like?
> >> > >
> >> > > Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> >> > > bdennis@internetworkexpert.com
> >> > >
> >> > > Internetwork Expert, Inc.
> >> > > http://www.InternetworkExpert.com
> >> > > <http://www.internetworkexpert.com/>
> >> > > Toll Free: 877-224-8987
> >> > > Direct: 775-745-6404 (Outside the US and Canada)
> >> > >
> >> > >
> >> > > -----Original Message-----
> >> > > From: nobody@groupstudy.com
> >> > > [mailto:nobody@groupstudy.com] On Behalf Of
> >> > > xprtofnet
> >> > > Sent: Thursday, September 14, 2006 1:50 PM
> >> > > To: xprtofnet; ccielab
> >> > > Subject: Re: BGP with NAT
> >> > >
> >> > > got it---overload was doing port translation.
> >> > >
> >> > > following works---any other inputs are welcome
> >> > >
> >> > > on R1
> >> > >
> >> > > ip nat pool a 220.0.0.1 220.0.0.1 netmask 255.255.255.0 type rotary
> >> > > ip nat inside source list 1 pool a
> >> > >
> >> > > --- xprtofnet <xprtofnet@yahoo.com> wrote:
> >> > >
> >> > > > Folks,
> >> > > >
> >> > > > here is the scenario..
> >> > > >
> >> > > > Back-Bone_OUTSIDE_e0/2_R1-e0/0--INSIDE network
> >> > > >
> >> > > > R1 and BackBone has eBGP connection
> >> > > >
> >> > > > Inside Networks are NOT advertised to BackBone
> >> > > >
> >> > > > But communication needs to happen with Backbone and INSIDE network
> >> > > >
> >> > > > when I do this on R1 the eBGP session drops
> >> > > >
> >> > > > R1
> >> > > > ip nat inside source list 1 interface e0/2 overload
> >> > > >
> >> > > > e0/2
> >> > > > ip nat outside
> >> > > >
> >> > > > e0/1
> >> > > > ip nat inside
> >> > > >
> >> > > > Any tips on how to keep BGP UP and have NAT working?
> >> > > >
> >> > > > Thank you,
> >> > > >
> >> > _______________________________________________________________________
> >> > > > Subscription information may be found at:
> >> > > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
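
Added example, not part of the thread: a first-match evaluation of access-list 104 as labbed above, next to the same list ending in "permit ip any any", run against flows read off the two "sh ip nat tr" outputs. The Python names are assumptions made for this sketch, and PASSIVE_REPLY is a constructed flow. Both deny lines test the source port ("eq bgp" follows the source host), so the router's active open from port 45549 to port 179 is not covered by them.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):          # one extended-ACL entry
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: str                    # source network (CIDR)
    sport: Optional[int]        # "eq <port>" after the source, else None
    dst: str                    # destination network (CIDR)
    dport: Optional[int]        # "eq <port>" after the destination, else None

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

ANY, BGP = "0.0.0.0/0", 179
# access-list 104 exactly as labbed in the thread
ACL_104 = [
    Ace("deny", "tcp", "192.168.14.1/32", BGP, "192.168.14.2/32", None),
    Ace("deny", "tcp", "192.168.14.2/32", BGP, "192.168.14.1/32", None),
    Ace("permit", "ip", "192.168.15.0/24", None, ANY, None),
]
# Same list with the last line changed to "permit ip any any"
ACL_ANY_ANY = ACL_104[:2] + [Ace("permit", "ip", ANY, None, ANY, None)]

def in_net(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(ace: Ace, f: Flow) -> bool:
    return (ace.proto in ("ip", f.proto)
            and in_net(f.src, ace.src) and in_net(f.dst, ace.dst)
            and ace.sport in (None, f.sport)
            and ace.dport in (None, f.dport))

def selected_for_nat(acl: list, f: Flow) -> bool:
    """First matching entry decides; no match means the implicit deny."""
    for ace in acl:
        if matches(ace, f):
            return ace.action == "permit"
    return False

# Flows read off the thread's "sh ip nat tr" output
ACTIVE_OPEN = Flow("tcp", "192.168.14.1", 45549, "192.168.14.2", BGP)
INSIDE_PING = Flow("icmp", "192.168.15.1", 174, "150.1.2.2", 174)
# Constructed: R4 answering from its own port 179 (peer port is made up)
PASSIVE_REPLY = Flow("tcp", "192.168.14.1", BGP, "192.168.14.2", 11000)
```

Switching from ACL_104 to ACL_ANY_ANY changes the result only for ACTIVE_OPEN, which is the 192.168.14.1:45549 to 192.168.14.2:179 entry in the second translation table.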

        

        
                



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART