I bet there is a lab for that !!!!!
On Mon, Nov 21, 2011 at 10:27 AM, Bernard Steven <buny.steven_at_gmail.com>wrote:
> Thank you Sir !
>
> Realy appriciate , will get a window to do it tomorrow night. Would like
> to test it some where before deploying.
>
> Just one question , if an interface is lable switching , can the NAT
> statements look for the source / destinations inside the packet ? or is it
> because of PHP ? Bugging me for some time , the VPN traffic should carry
> the mp bgp tag till the egress router , so does nat takes place after pop ?
>
> May be i more reading....
>
> Thanks a lot
>
> On Mon, Nov 21, 2011 at 1:22 PM, Narbik Kocharians <narbikk_at_gmail.com
> >wrote:
>
> > Sorry for a long post, and please excuse the typos.
> >
> > I think this is what you are looking for and i hope it helps
> >
> > *Lab Setup:*
> >
> > R1 (A CE router) is in SITE-1, and R5 (Another CE router) is configured
> in
> > SITE-2
> >
> > R1 (CE) and R3 (PE) are connected via their S0/1 interfaces.
> >
> > R3 (PE) and R2 (P) are connected via their F0/0 interface.
> >
> > R2 (P) and R4 (The other PE) are connected via their F0/1 interface.
> >
> > R4 (PE) and R5 (The other CE) are connected via their S0/1 interface.
> >
> > *IP addressing:*
> >
> > R1 (CE) and R5 (The other CE) have the following Loopback interfaces:
> >
> > *Lo1 10.1.1.1/32 **` Server-1*
> >
> > *Lo2 10.1.1.2/32 **` Host-2*
> >
> > *Lo3 10.1.1.3/32 **` Host-3*
> >
> > *Lo4 10.1.1.4/32 **` Host-4*
> >
> > *Lo5 10.1.1.5/32 **` Host-5** *
> >
> > *The connection between the routers:*
> >
> > *(R1) S0/1 100.1.13.1/24 -------------- 100.1.13.3/24 ---- S0/1 (R3)*
> >
> > *(R3) F0/0 100.1.23.2/24 -------------- 100.1.23.3/24 ---- F0/0 (R2)*
> > *(R2) F0/1 100.1.24.2/24 --------------
> > 100.1.24.4/24 ---- F0/1 (R4)*
> > *(R4) S0/1 100.1.45.4/24 --------------
> > 100.1.45.5/24 ---- S0/1 (R5)*
> >
> > *IP Address of the loopback interfaces:*
> >
> > *R2 s Loopback 0 = 2.2.2.2/32*
> >
> > *R3 s Loopback 0 = 3.3.3.3/32*
> > *R4 s Loopback 0 = 4.4.4.4/32 *
> >
> > **
> > *Task 1*
> > **
> > Configure OSPF on the core routers (R2, R3 and R4); you should run OSPF
> > area 0 on the F0/0 interfaces of R2 and R3, the F0/1 interfaces of R2 and
> > R4, and the Loopback 0 interfaces of R2, R3 and R4. The CE routers, R1
> and
> > R5 should be configured with a static default route pointing to their
> next
> > hop router.
> >
> >
> > * *
> >
> > *To configure the CE routers:*
> >
> >
> >
> > *On R1*
> >
> >
> >
> > R1(config)#*IP route 0.0.0.0 0.0.0.0 100.1.13.3*
> >
> >
> >
> > *On R5*
> >
> >
> >
> > R5(config)#*IP route 0.0.0.0 0.0.0.0 100.1.45.4*
> >
> > * *
> >
> > *To configure the core routers:*
> >
> >
> >
> > *On R2*
> >
> >
> >
> > R2(config)#*Router ospf 1*
> >
> > R2(config-router)#*Netw 2.2.2.2 0.0.0.0 area 0*
> >
> > R2(config-router)#*Netw 100.1.23.2 0.0.0.0 area 0*
> >
> > R2(config-router)#*Netw 100.1.24.2 0.0.0.0 area 0*
> >
> > * *
> >
> > *On R3*
> >
> >
> >
> > R3(config)#*Router ospf 1*
> >
> > R3(config-router)#*Netw 100.1.23.3 0.0.0.0 area 0*
> >
> > R3(config-router)#*Netw 3.3.3.3 0.0.0.0 area 0*
> >
> >
> >
> > *On R4*
> >
> >
> >
> > R4(config)#*Router ospf 1*
> >
> > R4(config-router)#*Netw 4.4.4.4 0.0.0.0 area 0*
> >
> > R4(config-router)#*Netw 100.1.24.4 0.0.0.0 area 0*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R2*
> >
> > * *
> >
> > R2#*Show ip ospf neighbor*
> >
> >
> >
> > *Neighbor ID Pri State Dead Time Address
> Interface
> > *
> >
> > 4.4.4.4 1 FULL/BDR 00:00:33 100.1.24.4
> > FastEthernet0/1
> >
> > 3.3.3.3 1 FULL/BDR 00:00:33 100.1.23.3
> > FastEthernet0/0
> >
> >
> >
> > R2#*Show ip route ospf | Inc O*
> >
> > * *
> >
> > O 3.3.3.3 [110/2] via 100.1.23.3, 00:10:53, FastEthernet0/0
> >
> > O 4.4.4.4 [110/2] via 100.1.24.4, 00:10:35, FastEthernet0/1
> >
> > *Task 2*
> >
> > **
> >
> > Configure LDP between the core routers. These routers should use their
> > Loopback0 interface as their LDP router-id.
> >
> >
> >
> >
> >
> > *On R2, R3 and R4*
> >
> >
> >
> > Rx(config)#*Mpls label protocol ldp*
> >
> > Rx(config)#*Mpls ldp router-id Lo0*
> >
> >
> >
> > *On R3*
> >
> >
> >
> > R3(config)#*Int F0/0*
> >
> > R3(config-if)#*MPLS IP*
> >
> >
> >
> > *On R2*
> >
> >
> >
> > R2(config)#*Int F0/0*
> >
> > R2(config-if)#*MPLS IP*
> >
> >
> >
> > R2(config-if)#*Int F0/1*
> >
> > R2(config-if)#*MPLS IP*
> >
> >
> >
> > *On R4*
> >
> >
> >
> > R4(config)#*Int F0/1*
> >
> > R4(config-if)#*MPLS IP*
> >
> >
> >
> > *To Verify the configuration:*
> >
> > * *
> >
> > *On R2*
> >
> >
> >
> > R2#*Show mpls ldp neighbor***
> >
> >
> >
> > *Peer **LDP** Ident: 4.4.4.4:0*; Local LDP Ident 2.2.2.2:0
> >
> > TCP connection: 4.4.4.4.60890 - 2.2.2.2.646
> >
> > State: Oper; Msgs sent/rcvd: 9/10; Downstream
> >
> > Up time: 00:01:05
> >
> > LDP discovery sources:
> >
> > FastEthernet0/1, Src IP addr: 100.1.24.4
> >
> > Addresses bound to peer LDP Ident:
> >
> > 100.1.24.4 100.1.45.4 4.4.4.4
> >
> > *Peer **LDP** Ident: 3.3.3.3:0*; Local LDP Ident 2.2.2.2:0
> >
> > TCP connection: 3.3.3.3.18225 - 2.2.2.2.646
> >
> > State: Oper; Msgs sent/rcvd: 9/10; Downstream
> >
> > Up time: 00:01:00
> >
> > LDP discovery sources:
> >
> > FastEthernet0/0, Src IP addr: 100.1.23.3
> >
> > Addresses bound to peer LDP Ident:
> >
> > 100.1.23.3 100.1.13.3 3.3.3.3
> >
> >
> >
> > *On R3*
> >
> > * *
> >
> > R3#*Show mpls forwarding-table *
> >
> > * *
> >
> > *Local Outgoing Prefix Bytes tag Outgoing Next Hop *
> >
> > *tag tag or VC or Tunnel Id switched interface *
> >
> > 16 Pop tag 2.2.2.2/32 0 Fa0/0 100.1.23.2
> >
> > 17 Pop tag 100.1.24.0/24 0 Fa0/0 100.1.23.2
> >
> > 18 17 4.4.4.4/32 0 Fa0/0 100.1.23.2
> >
> >
> >
> > *Task 3*
> >
> > **
> >
> > Configure MP-BGP between R3 and R4 as they represent the Provider Edge
> > routers in this topology in AS 100. The ONLY BGP peering relationship
> > should be VPNV4. These two neighbors should use their Lo0 interfaces for
> > their peering.
> >
> >
> >
> >
> >
> > *On R3*
> >
> >
> >
> > R3(config)#*Router bgp 100*
> >
> > R3(config-router)#*Neighbor 4.4.4.4 remote-as 100*
> >
> > R3(config-router)#*Neighbor 4.4.4.4 update-source Lo0*
> >
> >
> >
> > R3(config-router)#*Address-family VPNV4 Unicast*
> >
> > R3(config-router-af)#*Neighbor 4.4.4.4 Act*
> >
> > R3(config-router-af)#*Neighbor 4.4.4.4 Send-community Ext*
> >
> >
> >
> > *On R4*
> >
> >
> >
> > R4(config)#*Router bgp 100*
> >
> > R4(config-router)#*Neighbor 3.3.3.3 remote-as 100*
> >
> > R4(config-router)#*Neighbor 3.3.3.3 update-source Lo0*
> >
> >
> >
> > R4(config-router)#*Address-family VPNV4 Unicast*
> >
> > R4(config-router-af)#*Neighbor 3.3.3.3 Act*
> >
> > R4(config-router-af)#*Neighbor 3.3.3.3 Send-community Ext*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R3***
> >
> >
> >
> > R3#*Show ip bgp vpnv4 all Summary | B Neigh*
> >
> > * *
> >
> > *Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
> > State/PfxRcd*
> >
> > 4.4.4.4 4 100 8 8 1 0 0 00:02:02
> > 0
> >
> >
> >
> > *Task 4*
> >
> > **
> >
> > Configure the following VRFs, RDs and route-targets on the PE routers:
> >
> >
> >
> > *Router*
> >
> > *VRF Name*
> >
> > *RD*
> >
> > *Route-Target*
> >
> > *Interface*
> >
> > R3
> >
> > aaa
> >
> > 1:10
> >
> > Route-target Both 151:100
> >
> > S0/1
> >
> > R4
> >
> > bbb
> >
> > 2:20
> >
> > Route-target Both 151:100
> >
> > S0/1
> >
> >
> >
> > *On R3*
> >
> >
> >
> > R3(config)#*IP VRF aaa*
> >
> > R3(config-vrf)#*RD 1:10*
> >
> > R3(config-vrf)#*Route-target Both 151:100*
> >
> >
> >
> > R3(config)#*Int S0/1*
> >
> > R3(config-if)#*IP VRF Forwarding aaa*
> >
> > R3(config-if)#*IP address 100.1.13.3 255.255.255.0*
> >
> >
> >
> > *On R4*
> >
> >
> >
> > R4(config)#*IP VRF bbb*
> >
> > R4(config-vrf)#*RD 2:20*
> >
> >
> >
> > R4(config-vrf)#*Route-target Both 151:100*
> >
> >
> >
> > R4(config)#*Int S0/1*
> >
> > R4(config-if)#*IP VRF Forwarding bbb*
> >
> > R4(config-if)#*IP address 100.1.45.4 255.255.255.0*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R3*
> >
> > * *
> >
> > R3#*Show ip vrf detail *
> >
> >
> >
> > *VRF aaa; default RD 1:10*; default VPNID <not set>
> >
> > *Interfaces:*
> >
> > * Se0/1 *
> >
> > Connected addresses are not in global routing table
> >
> > *Export VPN route-target communities*
> >
> > * RT:151:100 *
> >
> > * Import VPN route-target communities*
> >
> > * RT:151:100 *
> >
> > No import route-map
> >
> > No export route-map
> >
> > VRF label distribution protocol: not configured
> >
> > VRF label allocation mode: per-prefix
> >
> >
> >
> > *On R4*
> >
> > * *
> >
> > R4#*Show ip vrf detail*
> >
> >
> >
> > *VRF bbb; default RD 2:20*; default VPNID <not set>
> >
> > *Interfaces:*
> >
> > * Se0/1 *
> >
> > Connected addresses are not in global routing table
> >
> > *Export VPN route-target communities*
> >
> > * RT:151:100 *
> >
> > * Import VPN route-target communities*
> >
> > * RT:151:100*
> >
> > No import route-map
> >
> > No export route-map
> >
> > VRF label distribution protocol: not configured
> >
> > VRF label allocation mode: per-prefix
> >
> >
> >
> > *Task 5*
> >
> > **
> >
> > Configure the routers such that the hosts in Site-1 can access the
> > server-1 in Site 2 and vice versa. You should configure the CE routers
> (R1
> > and R5). Use the following translation chart:
> >
> >
> >
> > *Rouer*
> >
> > *Inside Local*
> >
> > *Inside Global*
> >
> > *R1*
> >
> > *10.1.1.1*
> >
> > *10.1.1.2 10.1.1.5*
> >
> > *1.1.1.1*
> >
> > *1.1.1.2 1.1.1.5*
> >
> > R5
> >
> > 10.1.1.1
> >
> > 10.1.1.2 10.1.1.5
> >
> > 5.5.5.1
> >
> > 5.5.5.2 5.5.5.5
> >
> >
> >
> >
> >
> > *A static route for network 1.1.1.0 /24 is configured and redistributed
> > into the vrf aaa on R3. *
> >
> > *This is done to provide reachability to the hosts connected to R5.*
> >
> > * *
> >
> > *On R3*
> >
> >
> >
> > R3(config)#*IP Route** vrf aaa 1.1.1.0 255.255.255.0 100.1.13.1*
> >
> >
> >
> > R3(config)#*Router bgp 100*
> >
> > R3(config-router)#*Address-family IPv4 vrf aaa*
> >
> > R3(config-router-af)#*Redistribute Static*
> >
> > R3(config-router-af)#*Redistribute connected*
> >
> >
> >
> > *The same is configured on R4:*
> >
> >
> >
> > *On R4*
> >
> >
> >
> > R4(config)#*IP Route** vrf bbb 5.5.5.0 255.255.255.0 100.1.45.5*
> >
> >
> >
> > R4(config)#*Router bgp 100*
> >
> > R4(config-router)#*Address-family IPv4 vrf bbb*
> >
> > R4(config-router-af)#*Redistribute Static*
> >
> > R4(config-router-af)#*Redistribute Connected*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R4*
> >
> >
> >
> > R4#*Show ip route vrf bbb | b Gate*
> >
> >
> >
> > Gateway of last resort is not set
> >
> >
> >
> > 1.0.0.0/24 is subnetted, 1 subnets
> >
> > *B 1.1.1.0 [200/0] via 3.3.3.3, **00:02:17***
> >
> > 100.0.0.0/24 is subnetted, 2 subnets
> >
> > C 100.1.45.0 is directly connected, Serial0/1
> >
> > B 100.1.13.0 [200/0] via 3.3.3.3, 00:02:17
> >
> > 5.0.0.0/24 is subnetted, 1 subnets
> >
> > S 5.5.5.0 [1/0] via 100.1.45.5
> >
> >
> >
> > *On R3*
> >
> >
> >
> > R3#*Show ip route vrf aaa | b Gate*
> >
> >
> >
> > Gateway of last resort is not set
> >
> >
> >
> > 1.0.0.0/24 is subnetted, 1 subnets
> >
> > S 1.1.1.0 [1/0] via 100.1.13.1
> >
> > 100.0.0.0/24 is subnetted, 2 subnets
> >
> > B 100.1.45.0 [200/0] via 4.4.4.4, 00:02:06
> >
> > C 100.1.13.0 is directly connected, Serial0/1
> >
> > 5.0.0.0/24 is subnetted, 1 subnets
> >
> > *B 5.5.5.0 [200/0] via 4.4.4.4, **00:02:06***
> >
> >
> >
> > *On R1*
> >
> >
> >
> > *The **NAT** Inside and Outside interfaces are defined:*
> >
> >
> >
> > R1(config)#*Int range Lo0 4*
> >
> > R1(config-if)#*IP **NAT** Inside*
> >
> >
> >
> > R1(config)#*Int S0/1*
> >
> > R1(config-if)#*IP **NAT** Outside*
> >
> >
> >
> > *The following command translates the inside source IP address of
> > 10.1.1.1 to 1.1.1.1 *
> >
> > *IP address:*
> >
> >
> >
> > R1(config)#*IP **NAT** inside source static 10.1.1.1 1.1.1.1*
> >
> >
> >
> > *An access-list is configured to identify the communication between
> > inside sources with *
> >
> > *destination IP addresses:*
> >
> >
> >
> > R1(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 5.5.5.0
> 0.0.0.255
> > *
> >
> >
> >
> > *The following configures a **NAT** pool that the inside hosts can use:*
> >
> >
> >
> > R1(config)#*IP Nat pool TST 1.1.1.2 1.1.1.5 Prefix-length 24 type
> > match-host*
> >
> > * *
> >
> > *The last step is to configure the inside sources identified in
> **ACL**100
> to use the
> > **NAT** pool *
> >
> > *called TST :*
> >
> >
> >
> > R1(config)#*IP **NAT** inside source list 100 pool TST*
> >
> >
> >
> > *On R5*
> >
> >
> >
> > R5(config-if)#*Int range Lo0 - 4*
> >
> > R5(config-if)#*IP **NAT** Inside*
> >
> >
> >
> > R5(config)#*Int S0/1*
> >
> > R5(config-if)#*IP **NAT** Outside*
> >
> >
> >
> > R5(config)#*IP **NAT** inside source static 10.1.1.1 5.5.5.1*
> >
> >
> >
> > R5(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 1.1.1.0
> 0.0.0.255
> > *
> >
> >
> >
> > R5(config)#*IP Nat pool TST 1.1.1.2 1.1.1.5 Prefix-length 24*
> >
> > R5(config)#*IP **NAT** inside source list 100 pool TST*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R1*
> >
> >
> >
> > R1#*Ping** 5.5.5.1 source Lo0*
> >
> >
> >
> > Type escape sequence to abort.
> >
> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
> >
> > Packet sent with a source address of 10.1.1.1
> >
> > *!!!!!*
> >
> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 52/56/60 ms*
> >
> >
> >
> > R1#*Show ip nat translations *
> >
> >
> >
> > *Pro Inside global Inside local Outside local Outside
> > global*
> >
> > icmp 1.1.1.1:2 10.1.1.1:2 5.5.5.1:2 5.5.5.1:2
> >
> > --- 1.1.1.1 10.1.1.1 --- ---
> >
> > * *
> >
> > R1#*Ping** 5.5.5.1 Source Lo4*
> >
> >
> >
> > Type escape sequence to abort.
> >
> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
> >
> > Packet sent with a source address of 10.1.1.2
> >
> > *!!!!!*
> >
> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms*
> >
> >
> >
> > R1#*Sh ip nat translation *
> >
> >
> >
> > *Pro Inside global Inside local Outside local Outside
> > global*
> >
> > icmp 1.1.1.1:7 10.1.1.1:7 5.5.5.1:7 5.5.5.1:7
> >
> > --- 1.1.1.1 10.1.1.1 --- ---
> >
> > icmp 1.1.1.5:8 10.1.1.5:8 5.5.5.5:8 5.5.5.5:8
> >
> > --- 1.1.1.5 10.1.1.5 --- ---
> >
> >
> >
> > *Task 6*
> >
> > **
> >
> > **Remove the configuration from the previous step and configure the PE
> > routers to accomplish the same task.
> >
> >
> >
> >
> >
> > *On R1*
> >
> >
> >
> > R1(config)#*Int range Lo0 - 4*
> >
> > R1(config-if-range)#*NO** IP **NAT** Inside*
> >
> >
> >
> > R1(config)#*Int S0/1*
> >
> > R1(config-if)#*NO** IP **NAT** Outside*
> >
> >
> >
> > R1(config)#*No** Access-list 100*
> >
> > R1(config)#*NO** ip nat inside source static 10.1.1.1 1.1.1.1*
> >
> > R1(config)#*NO** ip nat inside source list 100 pool TST*
> >
> > R1(config)#*NO** ip nat pool TST 1.1.1.2 1.1.1.5 prefix-length 24*
> >
> >
> >
> > *On R5*
> >
> >
> >
> >
> >
> > R5(config)#*Int range Lo0 - 4*
> >
> > R5(config-if-range)#*NO** IP **NAT** Inside*
> >
> >
> >
> > R5(config)#*Int S0/1*
> >
> > R5(config-if)#*NO** IP **NAT** Outside*
> >
> >
> >
> > R5(config)#*NO** access-list 100*
> >
> > R5(config)#*NO** ip nat inside source static 10.1.1.1 5.5.5.1*
> >
> > R5(config)#*NO** ip nat inside source list 100 pool TST*
> >
> > R5(config)#*NO** ip nat pool TST 1.1.1.2 1.1.1.5 prefix-length 24*
> >
> >
> >
> > *NOTE: The configuration on the PE is identical to the configuration that
> > was performed *
> >
> > *on the CEs with one difference; on the PEs the VRF MUST be referenced.*
> >
> >
> >
> > *On R3*
> >
> >
> >
> > *The inside and outside interfaces are defined; the interface facing the
> > CE MUST be defined *
> >
> > *as inside, and the interface facing the core must be defined as
> outside.*
> >
> >
> >
> > R3(config)#*Int S0/1*
> >
> > R3(config-if)#*IP **NAT** Inside*
> >
> >
> >
> > R3(config)#*Int F0/0*
> >
> > R3(config-if)#*IP **NAT** Outside*
> >
> >
> >
> > *A Static **NAT** is configured to translate any traffic with a source IP
> > address of 10.1.1.1 to *
> >
> > *1.1.1.1 IP address IN VRF aaa :*
> >
> >
> >
> > R3(config)#*IP **NAT** inside source static 10.1.1.1 1.1.1.1 vrf aaa*
> >
> >
> >
> > *An access-list is configured to identify the communication between
> > inside sources with *
> >
> > *destination IP addresses:*
> >
> > * *
> >
> > R3(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 5.5.5.0
> 0.0.0.255
> > *
> >
> >
> >
> > *A **NAT** pool called TST is configured:*
> >
> >
> >
> > R3(config)#*IP **NAT** Pool TST 1.1.1.2 1.1.1.5 Prefix-length 24 Type
> > match-host*
> >
> > * *
> >
> > *The last step is to configure the inside sources identified in
> **ACL**100
> to use the
> > **NAT** pool called*
> >
> > * TST for VRF aaa :***
> >
> > * *
> >
> > R3(config)#*IP **NAT** inside source list 100 pool TST vrf aaa*
> >
> >
> >
> > *On R4*
> >
> >
> >
> >
> >
> > R4(config)#*Int S0/1*
> >
> > R4(config-if)#*IP **NAT** Inside*
> >
> >
> >
> > R4(config)#*Int F0/1*
> >
> > R4(config-if)#*IP **NAT** Outside*
> >
> >
> >
> > R4(config)#*IP **NAT** inside source static 10.1.1.1 5.5.5.1 vrf bbb*
> >
> >
> >
> > R4(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 1.1.1.0
> 0.0.0.255
> > *
> >
> >
> >
> > R4(config)#*IP **NAT** Pool TST 5.5.5.2 5.5.5.5 prefix-length 24 type
> > match-host*
> >
> > * *
> >
> > R4(config)#*IP **NAT** Inside source list 100 pool TST vrf bbb*
> >
> >
> >
> > *To verify the configuration:*
> >
> > * *
> >
> > *On R3*
> >
> >
> >
> > R3#*Show ip nat translations vrf aaa*
> >
> >
> >
> > *Pro Inside global Inside local Outside local Outside
> > global*
> >
> > --- 1.1.1.1 10.1.1.1 --- ---
> >
> >
> >
> > *To test the configuration:*
> >
> > * *
> >
> > *On R1*
> >
> >
> >
> > R1#*Ping** 5.5.5.1 Source Lo0*
> >
> >
> >
> > Type escape sequence to abort.
> >
> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
> >
> > Packet sent with a source address of 10.1.1.1
> >
> > *!!!!!*
> >
> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms*
> >
> >
> >
> > *On R3*
> >
> > * *
> >
> > R3#*Show ip nat translation vrf aaa*
> >
> >
> >
> > *Pro Inside global Inside local Outside local Outside
> > global*
> >
> > icmp 1.1.1.1:0 10.1.1.1:0 5.5.5.1:0 5.5.5.1:0
> >
> > --- 1.1.1.1 10.1.1.1 --- ---
> >
> >
> >
> > R1#*Ping** 5.5.5.1 Source Lo4*
> >
> >
> >
> > Type escape sequence to abort.
> >
> >
> >
> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
> >
> > Packet sent with a source address of 10.1.1.2
> >
> > *!!!!!*
> >
> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms*
> >
> >
> >
> > *On R3*
> >
> > * *
> >
> > R3#*Show ip nat translation vrf aaa*
> >
> >
> >
> > *Pro Inside global Inside local Outside local Outside
> > global*
> >
> > icmp 1.1.1.1:2 10.1.1.1:2 10.1.1.2:2 10.1.1.2:2
> >
> > --- 1.1.1.1 10.1.1.1 --- ---
> >
> > *icmp 1.1.1.5:1 10.1.1.5:1 5.5.5.5:1 5.5.5.5:1*
> >
> > *--- 1.1.1.5 10.1.1.5 --- ---***
> >
> >
> >
> > Have fun.
> >
> > **
> > **
> > **
> > **
> > **
> > **
> > **
> >
> > On Sun, Nov 20, 2011 at 6:06 PM, Bernard Steven
> <buny.steven_at_gmail.com>wrote:
> >
> >> Guys,
> >> Is there a way to do a nat between a vrf interface and traffic coming
> from
> >> an LDP enabled interface towards the core ?
> >> I am trying to NAT in a PE.One interface is towards a CE and the other
> >> interface is towards the P router.,
> >>
> >> The device does not support NVI , also vrf aware nat does not seem to
> >> help.
> >>
> >> My problem is it does not make sense to put an ip nat inside / outside
> >> statement in the interface towards the PE.
> >> Any thoughts ?
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > *Narbik Kocharians
> > *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > *www.MicronicsTraining.com* <http://www.micronicstraining.com/>
> > Sr. Technical Instructor
> > YES! We take Cisco Learning Credits!
> > Training & Remote Racks available
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Nov 21 2011 - 18:44:08 ART
This archive was generated by hypermail 2.2.0 : Thu Dec 01 2011 - 06:29:31 ART