Re: NAT Config from Mirco Orlandi on 2010-08-19 (Ccielab archives 08/2010)

From: Mirco Orlandi <mirco.orlandi_at_gmail.com>
Date: Thu, 19 Aug 2010 16:06:26 +0200

Shiran,
inside2outside nat is performed after routing lookup.
Watch VPN_A routing table and be sure your destination is reachable toward
outside int.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Your translation table shows a lot of translation originated by
outside2inside nat.
NAT works in this direction because it is performed before routing lookup.
Ports 646 and 179 are involved (LDP and BGP), and I think this is not what
you want to do.
Try to restrict your route-map to deny NAT for that traffic.

"ip nat inside" and "ip nat outside" are configured properly. You don't need
ip nat outside on loopback int.
I labbed it in a little mpls vpn environment, and it works fine.

Also in my lab "show ip nat translation [vrf]" does not works fine. Global
show is always equal to vrf show.

[obviously] because this is a dynamic translation, you have to generate
traffic to populate translations table.

keep me informed on your progress.
Regards,
-mirco.

On Thu, Aug 19, 2010 at 7:34 AM, shiran guez <shiranp3_at_gmail.com> wrote:

> no, outside is on the interface that you do the nat local translation the
> ethernet interface is not relevant to your translation path on the router.
>
> Try it
>
> On Thu, Aug 19, 2010 at 12:14 AM, Edward John <
> edwardjohn2020_at_googlemail.com
> > wrote:
>
> > Shiran,
> >
> > I am confused.. "IP NAT OUTSIDE" to be configured on the interface, which
> > is going to receive the return traffic (in source NAT case). Here it is
> mpls
> > core facing interface.. Whats wrong in that?
> >
> > Karim,
> >
> > I will try as you suggested..
> >
> > Regards,
> > John
> >
> >
> >
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1 JNCIA-ER CCIE #20572
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
> http://twitter.com/cciep3
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 19 2010 - 16:06:26 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART