Re: RE: NAT in vrf from Rich Collins on 2010-08-21 (Ccielab archives 08/2010)

From: Rich Collins <nilsi2002_at_gmail.com>
Date: Sat, 21 Aug 2010 17:56:27 -0400

Normally you would be translating the ip packets arriving on the
inside nat interface. Is that not your intention?

For example the inside network 172.16.5.0 /24

You can change your nat source list to reflect this and start your
ping from some other ip address in this range other than 172.16.5.5

-Rich

On Fri, Aug 20, 2010 at 11:39 AM, selamat pagi <ketimun_at_gmail.com> wrote:
> Thanks, unfortunately
> adding ip nat outside to LO 0 did not change anything, still no translation
>
>
> Below the config
>
> R5#sh run
> version 12.4
> !
> hostname R5
>
> ip cef
> !
> !
> ip vrf XYZ
> rd 131.5.5.5:19
> route-target export 131.5.5.5:9
> route-target import 131.5.1.1:1
> !
>
> mpls label protocol ldp
> !
> !
> interface Loopback0
> ip address 131.5.5.5 255.255.255.255
> ip nat outside
> ip virtual-reassembly
> !
> interface FastEthernet0/0
> ip vrf forwarding XYZ
> ip address 172.16.5.5 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> duplex auto
> speed auto
> !
> !
> interface Serial0/1/0
> ip unnumbered Loopback0
> ip virtual-reassembly
> encapsulation ppp
> mpls ip
> !
> router bgp 5
> no bgp default ipv4-unicast
> bgp log-neighbor-changes
> neighbor 131.5.1.1 remote-as 1234
> neighbor 131.5.1.1 ebgp-multihop 3
> neighbor 131.5.1.1 update-source Loopback0
> neighbor 131.5.4.4 remote-as 1234
> !
> address-family ipv4
> neighbor 131.5.4.4 activate
> neighbor 131.5.4.4 send-community both
> no auto-summary
> no synchronization
> network 131.5.5.5 mask 255.255.255.255
> exit-address-family
> !
> address-family vpnv4
> neighbor 131.5.1.1 activate
> neighbor 131.5.1.1 send-community both
> exit-address-family
> !
> address-family ipv4 vrf XYZ
> redistribute connected
> no synchronization
> exit-address-family
> !
> ip forward-protocol nd
> ip route 131.5.1.1 255.255.255.255 131.5.4.4
> ip route vrf XYZ 131.5.9.9 255.255.255.255 131.5.4.4 global
> !
> ip bgp-community new-format
> !
> ip http server
> no ip http secure-server
> ip nat inside source list 155 interface Loopback0 vrf XYZ overload
> !
> ip access-list standard VLAN5
> permit 172.16.5.0 0.0.0.255
> !
> access-list 155 permit ip host 172.16.5.5 host 131.5.9.9
> !
> route-map VLAN5 permit 10
> match ip address VLAN5
> !
> !
> mpls ldp router-id Loopback0
> !
> !
> control-plane
> !
> line con 0
> exec-timeout 0 0
> line aux 0
> line vty 0 4
> login
> !
> scheduler allocate 20000 1000
> !
> end

Blogs and organic groups at http://www.ccie.net
Received on Sat Aug 21 2010 - 17:56:27 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART