Re: NAT in PE

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Mon, 21 Nov 2011 07:52:37 -0800

hahahaha the funny thing is that you are correct.

On Mon, Nov 21, 2011 at 6:14 AM, me you <anunda19_at_gmail.com> wrote:

> I bet there is a lab for that !!!!!
>
> On Mon, Nov 21, 2011 at 10:27 AM, Bernard Steven <buny.steven_at_gmail.com> wrote:
>
>> Thank you Sir !
>>
>> Really appreciate it, will get a window to do it tomorrow night. Would like
>> to test it somewhere before deploying.
>>
>> Just one question: if an interface is label switching, can the NAT
>> statements look for the source / destinations inside the packet? Or is it
>> because of PHP? Bugging me for some time; the VPN traffic should carry
>> the MP-BGP tag till the egress router, so does NAT take place after the pop?
>>
>> Maybe I need more reading....
>>
>> Thanks a lot
>>
>> On Mon, Nov 21, 2011 at 1:22 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
>>
>> > Sorry for a long post, and please excuse the typos.
>> >
>> > I think this is what you are looking for and I hope it helps.
>> >
>> > *Lab Setup:*
>> >
>> > R1 (A CE router) is in SITE-1, and R5 (Another CE router) is configured in
>> > SITE-2
>> >
>> > R1 (CE) and R3 (PE) are connected via their S0/1 interfaces.
>> >
>> > R3 (PE) and R2 (P) are connected via their F0/0 interface.
>> >
>> > R2 (P) and R4 (The other PE) are connected via their F0/1 interface.
>> >
>> > R4 (PE) and R5 (The other CE) are connected via their S0/1 interface.
>> >
>> > *IP addressing:*
>> >
>> > R1 (CE) and R5 (The other CE) have the following Loopback interfaces:
>> >
>> > Lo1 10.1.1.1/32 - Server-1
>> > Lo2 10.1.1.2/32 - Host-2
>> > Lo3 10.1.1.3/32 - Host-3
>> > Lo4 10.1.1.4/32 - Host-4
>> > Lo5 10.1.1.5/32 - Host-5
>> >
>> > *The connection between the routers:*
>> >
>> > (R1) S0/1 100.1.13.1/24 -------------- 100.1.13.3/24 ---- S0/1 (R3)
>> > (R3) F0/0 100.1.23.2/24 -------------- 100.1.23.3/24 ---- F0/0 (R2)
>> > (R2) F0/1 100.1.24.2/24 -------------- 100.1.24.4/24 ---- F0/1 (R4)
>> > (R4) S0/1 100.1.45.4/24 -------------- 100.1.45.5/24 ---- S0/1 (R5)
>> >
>> > *IP Address of the loopback interfaces:*
>> >
>> > R2's Loopback 0 = 2.2.2.2/32
>> > R3's Loopback 0 = 3.3.3.3/32
>> > R4's Loopback 0 = 4.4.4.4/32
>> >
>> > *Task 1*
>> >
>> > Configure OSPF on the core routers (R2, R3 and R4); you should run OSPF
>> > area 0 on the F0/0 interfaces of R2 and R3, the F0/1 interfaces of R2 and
>> > R4, and the Loopback 0 interfaces of R2, R3 and R4. The CE routers, R1 and
>> > R5, should be configured with a static default route pointing to their next
>> > hop router.
>> >
>> > *To configure the CE routers:*
>> >
>> >
>> >
>> > *On R1*
>> >
>> >
>> >
>> > R1(config)#*IP route 0.0.0.0 0.0.0.0 100.1.13.3*
>> >
>> >
>> >
>> > *On R5*
>> >
>> >
>> >
>> > R5(config)#*IP route 0.0.0.0 0.0.0.0 100.1.45.4*
>> >
>> >
>> > *To configure the core routers:*
>> >
>> >
>> >
>> > *On R2*
>> >
>> >
>> >
>> > R2(config)#*Router ospf 1*
>> >
>> > R2(config-router)#*Netw 2.2.2.2 0.0.0.0 area 0*
>> >
>> > R2(config-router)#*Netw 100.1.23.2 0.0.0.0 area 0*
>> >
>> > R2(config-router)#*Netw 100.1.24.2 0.0.0.0 area 0*
>> >
>> >
>> > *On R3*
>> >
>> >
>> >
>> > R3(config)#*Router ospf 1*
>> >
>> > R3(config-router)#*Netw 100.1.23.3 0.0.0.0 area 0*
>> >
>> > R3(config-router)#*Netw 3.3.3.3 0.0.0.0 area 0*
>> >
>> >
>> >
>> > *On R4*
>> >
>> >
>> >
>> > R4(config)#*Router ospf 1*
>> >
>> > R4(config-router)#*Netw 4.4.4.4 0.0.0.0 area 0*
>> >
>> > R4(config-router)#*Netw 100.1.24.4 0.0.0.0 area 0*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R2*
>> >
>> > R2#*Show ip ospf neighbor*
>> >
>> > Neighbor ID     Pri   State      Dead Time   Address       Interface
>> > 4.4.4.4           1   FULL/BDR   00:00:33    100.1.24.4    FastEthernet0/1
>> > 3.3.3.3           1   FULL/BDR   00:00:33    100.1.23.3    FastEthernet0/0
>> >
>> > R2#*Show ip route ospf | Inc O*
>> >
>> > O 3.3.3.3 [110/2] via 100.1.23.3, 00:10:53, FastEthernet0/0
>> > O 4.4.4.4 [110/2] via 100.1.24.4, 00:10:35, FastEthernet0/1
>> >
>> > *Task 2*
>> >
>> > Configure LDP between the core routers. These routers should use their
>> > Loopback0 interface as their LDP router-id.
>> >
>> >
>> >
>> >
>> >
>> > *On R2, R3 and R4*
>> >
>> >
>> >
>> > Rx(config)#*Mpls label protocol ldp*
>> >
>> > Rx(config)#*Mpls ldp router-id Lo0*
>> >
>> >
>> >
>> > *On R3*
>> >
>> >
>> >
>> > R3(config)#*Int F0/0*
>> >
>> > R3(config-if)#*MPLS IP*
>> >
>> >
>> >
>> > *On R2*
>> >
>> >
>> >
>> > R2(config)#*Int F0/0*
>> >
>> > R2(config-if)#*MPLS IP*
>> >
>> >
>> >
>> > R2(config-if)#*Int F0/1*
>> >
>> > R2(config-if)#*MPLS IP*
>> >
>> >
>> >
>> > *On R4*
>> >
>> >
>> >
>> > R4(config)#*Int F0/1*
>> >
>> > R4(config-if)#*MPLS IP*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R2*
>> >
>> > R2#*Show mpls ldp neighbor*
>> >
>> > *Peer LDP Ident: 4.4.4.4:0*; Local LDP Ident 2.2.2.2:0
>> >     TCP connection: 4.4.4.4.60890 - 2.2.2.2.646
>> >     State: Oper; Msgs sent/rcvd: 9/10; Downstream
>> >     Up time: 00:01:05
>> >     LDP discovery sources:
>> >       FastEthernet0/1, Src IP addr: 100.1.24.4
>> >     Addresses bound to peer LDP Ident:
>> >       100.1.24.4 100.1.45.4 4.4.4.4
>> > *Peer LDP Ident: 3.3.3.3:0*; Local LDP Ident 2.2.2.2:0
>> >     TCP connection: 3.3.3.3.18225 - 2.2.2.2.646
>> >     State: Oper; Msgs sent/rcvd: 9/10; Downstream
>> >     Up time: 00:01:00
>> >     LDP discovery sources:
>> >       FastEthernet0/0, Src IP addr: 100.1.23.3
>> >     Addresses bound to peer LDP Ident:
>> >       100.1.23.3 100.1.13.3 3.3.3.3
>> >
>> > *On R3*
>> >
>> > R3#*Show mpls forwarding-table*
>> >
>> > Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
>> > tag    tag or VC   or Tunnel Id      switched   interface
>> > 16     Pop tag     2.2.2.2/32        0          Fa0/0      100.1.23.2
>> > 17     Pop tag     100.1.24.0/24     0          Fa0/0      100.1.23.2
>> > 18     17          4.4.4.4/32        0          Fa0/0      100.1.23.2
>> >
>> >
>> >
>> > *Task 3*
>> >
>> > Configure MP-BGP between R3 and R4 as they represent the Provider Edge
>> > routers in this topology in AS 100. The ONLY BGP peering relationship
>> > should be VPNV4. These two neighbors should use their Lo0 interfaces for
>> > their peering.
>> >
>> >
>> >
>> >
>> >
>> > *On R3*
>> >
>> >
>> >
>> > R3(config)#*Router bgp 100*
>> >
>> > R3(config-router)#*Neighbor 4.4.4.4 remote-as 100*
>> >
>> > R3(config-router)#*Neighbor 4.4.4.4 update-source Lo0*
>> >
>> >
>> >
>> > R3(config-router)#*Address-family VPNV4 Unicast*
>> >
>> > R3(config-router-af)#*Neighbor 4.4.4.4 Act*
>> >
>> > R3(config-router-af)#*Neighbor 4.4.4.4 Send-community Ext*
>> >
>> >
>> >
>> > *On R4*
>> >
>> >
>> >
>> > R4(config)#*Router bgp 100*
>> >
>> > R4(config-router)#*Neighbor 3.3.3.3 remote-as 100*
>> >
>> > R4(config-router)#*Neighbor 3.3.3.3 update-source Lo0*
>> >
>> >
>> >
>> > R4(config-router)#*Address-family VPNV4 Unicast*
>> >
>> > R4(config-router-af)#*Neighbor 3.3.3.3 Act*
>> >
>> > R4(config-router-af)#*Neighbor 3.3.3.3 Send-community Ext*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R3*
>> >
>> > R3#*Show ip bgp vpnv4 all Summary | B Neigh*
>> >
>> > Neighbor   V   AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
>> > 4.4.4.4    4   100  8        8        1       0    0     00:02:02  0
>> >
>> >
>> >
>> > *Task 4*
>> >
>> > Configure the following VRFs, RDs and route-targets on the PE routers:
>> >
>> > Router  VRF Name  RD    Route-Target               Interface
>> > R3      aaa       1:10  Route-target Both 151:100  S0/1
>> > R4      bbb       2:20  Route-target Both 151:100  S0/1
>> >
>> >
>> >
>> > *On R3*
>> >
>> >
>> >
>> > R3(config)#*IP VRF aaa*
>> >
>> > R3(config-vrf)#*RD 1:10*
>> >
>> > R3(config-vrf)#*Route-target Both 151:100*
>> >
>> >
>> >
>> > R3(config)#*Int S0/1*
>> >
>> > R3(config-if)#*IP VRF Forwarding aaa*
>> >
>> > R3(config-if)#*IP address 100.1.13.3 255.255.255.0*
>> >
>> >
>> >
>> > *On R4*
>> >
>> >
>> >
>> > R4(config)#*IP VRF bbb*
>> >
>> > R4(config-vrf)#*RD 2:20*
>> >
>> >
>> >
>> > R4(config-vrf)#*Route-target Both 151:100*
>> >
>> >
>> >
>> > R4(config)#*Int S0/1*
>> >
>> > R4(config-if)#*IP VRF Forwarding bbb*
>> >
>> > R4(config-if)#*IP address 100.1.45.4 255.255.255.0*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R3*
>> >
>> > R3#*Show ip vrf detail*
>> >
>> >
>> >
>> > *VRF aaa; default RD 1:10*; default VPNID <not set>
>> >
>> > *Interfaces:*
>> >
>> > * Se0/1 *
>> >
>> > Connected addresses are not in global routing table
>> >
>> > *Export VPN route-target communities*
>> >
>> > * RT:151:100 *
>> >
>> > * Import VPN route-target communities*
>> >
>> > * RT:151:100 *
>> >
>> > No import route-map
>> >
>> > No export route-map
>> >
>> > VRF label distribution protocol: not configured
>> >
>> > VRF label allocation mode: per-prefix
>> >
>> >
>> >
>> > *On R4*
>> >
>> > R4#*Show ip vrf detail*
>> >
>> >
>> >
>> > *VRF bbb; default RD 2:20*; default VPNID <not set>
>> >
>> > *Interfaces:*
>> >
>> > * Se0/1 *
>> >
>> > Connected addresses are not in global routing table
>> >
>> > *Export VPN route-target communities*
>> >
>> > * RT:151:100 *
>> >
>> > * Import VPN route-target communities*
>> >
>> > * RT:151:100*
>> >
>> > No import route-map
>> >
>> > No export route-map
>> >
>> > VRF label distribution protocol: not configured
>> >
>> > VRF label allocation mode: per-prefix
>> >
>> >
>> >
>> > *Task 5*
>> >
>> > Configure the routers such that the hosts in Site-1 can access the
>> > server-1 in Site 2 and vice versa. You should configure the CE routers (R1
>> > and R5). Use the following translation chart:
>> >
>> > Router  Inside Local         Inside Global
>> > R1      10.1.1.1             1.1.1.1
>> > R1      10.1.1.2 - 10.1.1.5  1.1.1.2 - 1.1.1.5
>> > R5      10.1.1.1             5.5.5.1
>> > R5      10.1.1.2 - 10.1.1.5  5.5.5.2 - 5.5.5.5
>> >
>> >
>> >
>> >
>> >
>> > *A static route for network 1.1.1.0 /24 is configured and redistributed
>> > into the vrf aaa on R3.*
>> > *This is done to provide reachability to the hosts connected to R5.*
>> >
>> > *On R3*
>> >
>> > R3(config)#*IP Route vrf aaa 1.1.1.0 255.255.255.0 100.1.13.1*
>> >
>> >
>> >
>> > R3(config)#*Router bgp 100*
>> >
>> > R3(config-router)#*Address-family IPv4 vrf aaa*
>> >
>> > R3(config-router-af)#*Redistribute Static*
>> >
>> > R3(config-router-af)#*Redistribute connected*
>> >
>> >
>> >
>> > *The same is configured on R4:*
>> >
>> >
>> >
>> > *On R4*
>> >
>> >
>> >
>> > R4(config)#*IP Route vrf bbb 5.5.5.0 255.255.255.0 100.1.45.5*
>> >
>> >
>> >
>> > R4(config)#*Router bgp 100*
>> >
>> > R4(config-router)#*Address-family IPv4 vrf bbb*
>> >
>> > R4(config-router-af)#*Redistribute Static*
>> >
>> > R4(config-router-af)#*Redistribute Connected*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R4*
>> >
>> > R4#*Show ip route vrf bbb | b Gate*
>> >
>> > Gateway of last resort is not set
>> >
>> >      1.0.0.0/24 is subnetted, 1 subnets
>> > *B       1.1.1.0 [200/0] via 3.3.3.3, 00:02:17*
>> >      100.0.0.0/24 is subnetted, 2 subnets
>> > C       100.1.45.0 is directly connected, Serial0/1
>> > B       100.1.13.0 [200/0] via 3.3.3.3, 00:02:17
>> >      5.0.0.0/24 is subnetted, 1 subnets
>> > S       5.5.5.0 [1/0] via 100.1.45.5
>> >
>> > *On R3*
>> >
>> > R3#*Show ip route vrf aaa | b Gate*
>> >
>> > Gateway of last resort is not set
>> >
>> >      1.0.0.0/24 is subnetted, 1 subnets
>> > S       1.1.1.0 [1/0] via 100.1.13.1
>> >      100.0.0.0/24 is subnetted, 2 subnets
>> > B       100.1.45.0 [200/0] via 4.4.4.4, 00:02:06
>> > C       100.1.13.0 is directly connected, Serial0/1
>> >      5.0.0.0/24 is subnetted, 1 subnets
>> > *B       5.5.5.0 [200/0] via 4.4.4.4, 00:02:06*
>> >
>> >
>> >
>> > *On R1*
>> >
>> > *The NAT Inside and Outside interfaces are defined:*
>> >
>> > R1(config)#*Int range Lo0 - 4*
>> > R1(config-if)#*IP NAT Inside*
>> >
>> > R1(config)#*Int S0/1*
>> > R1(config-if)#*IP NAT Outside*
>> >
>> > *The following command translates the inside source IP address of
>> > 10.1.1.1 to 1.1.1.1 IP address:*
>> >
>> > R1(config)#*IP NAT inside source static 10.1.1.1 1.1.1.1*
>> >
>> > *An access-list is configured to identify the communication between
>> > inside sources with destination IP addresses:*
>> >
>> > R1(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 5.5.5.0 0.0.0.255*
>> >
>> > *The following configures a NAT pool that the inside hosts can use:*
>> >
>> > R1(config)#*IP Nat pool TST 1.1.1.2 1.1.1.5 Prefix-length 24 type match-host*
>> >
>> > *The last step is to configure the inside sources identified in ACL 100 to
>> > use the NAT pool called TST:*
>> >
>> > R1(config)#*IP NAT inside source list 100 pool TST*
>> >
>> >
>> >
>> > *On R5*
>> >
>> > R5(config)#*Int range Lo0 - 4*
>> > R5(config-if)#*IP NAT Inside*
>> >
>> > R5(config)#*Int S0/1*
>> > R5(config-if)#*IP NAT Outside*
>> >
>> > R5(config)#*IP NAT inside source static 10.1.1.1 5.5.5.1*
>> >
>> > R5(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 1.1.1.0 0.0.0.255*
>> >
>> > R5(config)#*IP Nat pool TST 5.5.5.2 5.5.5.5 Prefix-length 24*
>> > R5(config)#*IP NAT inside source list 100 pool TST*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R1*
>> >
>> > R1#*Ping 5.5.5.1 source Lo0*
>> >
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
>> > Packet sent with a source address of 10.1.1.1
>> > *!!!!!*
>> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 52/56/60 ms*
>> >
>> > R1#*Show ip nat translations*
>> >
>> > Pro  Inside global  Inside local  Outside local  Outside global
>> > icmp 1.1.1.1:2      10.1.1.1:2    5.5.5.1:2      5.5.5.1:2
>> > ---  1.1.1.1        10.1.1.1      ---            ---
>> >
>> > R1#*Ping 5.5.5.1 Source Lo4*
>> >
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
>> > Packet sent with a source address of 10.1.1.2
>> > *!!!!!*
>> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms*
>> >
>> > R1#*Sh ip nat translation*
>> >
>> > Pro  Inside global  Inside local  Outside local  Outside global
>> > icmp 1.1.1.1:7      10.1.1.1:7    5.5.5.1:7      5.5.5.1:7
>> > ---  1.1.1.1        10.1.1.1      ---            ---
>> > icmp 1.1.1.5:8      10.1.1.5:8    5.5.5.5:8      5.5.5.5:8
>> > ---  1.1.1.5        10.1.1.5      ---            ---
>> >
>> >
>> >
>> > *Task 6*
>> >
>> > Remove the configuration from the previous step and configure the PE
>> > routers to accomplish the same task.
>> >
>> >
>> >
>> >
>> >
>> > *On R1*
>> >
>> > R1(config)#*Int range Lo0 - 4*
>> > R1(config-if-range)#*NO IP NAT Inside*
>> >
>> > R1(config)#*Int S0/1*
>> > R1(config-if)#*NO IP NAT Outside*
>> >
>> > R1(config)#*No Access-list 100*
>> > R1(config)#*NO ip nat inside source static 10.1.1.1 1.1.1.1*
>> > R1(config)#*NO ip nat inside source list 100 pool TST*
>> > R1(config)#*NO ip nat pool TST 1.1.1.2 1.1.1.5 prefix-length 24*
>> >
>> > *On R5*
>> >
>> > R5(config)#*Int range Lo0 - 4*
>> > R5(config-if-range)#*NO IP NAT Inside*
>> >
>> > R5(config)#*Int S0/1*
>> > R5(config-if)#*NO IP NAT Outside*
>> >
>> > R5(config)#*NO access-list 100*
>> > R5(config)#*NO ip nat inside source static 10.1.1.1 5.5.5.1*
>> > R5(config)#*NO ip nat inside source list 100 pool TST*
>> > R5(config)#*NO ip nat pool TST 5.5.5.2 5.5.5.5 prefix-length 24*
>> >
>> >
>> >
>> > *NOTE: The configuration on the PE is identical to the configuration that
>> > was performed on the CEs with one difference; on the PEs the VRF MUST be
>> > referenced.*
>> >
>> > *On R3*
>> >
>> > *The inside and outside interfaces are defined; the interface facing the
>> > CE MUST be defined as inside, and the interface facing the core must be
>> > defined as outside.*
>> >
>> > R3(config)#*Int S0/1*
>> > R3(config-if)#*IP NAT Inside*
>> >
>> > R3(config)#*Int F0/0*
>> > R3(config-if)#*IP NAT Outside*
>> >
>> > *A Static NAT is configured to translate any traffic with a source IP
>> > address of 10.1.1.1 to 1.1.1.1 IP address IN VRF aaa:*
>> >
>> > R3(config)#*IP NAT inside source static 10.1.1.1 1.1.1.1 vrf aaa*
>> >
>> > *An access-list is configured to identify the communication between
>> > inside sources with destination IP addresses:*
>> >
>> > R3(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 5.5.5.0 0.0.0.255*
>> >
>> > *A NAT pool called TST is configured:*
>> >
>> > R3(config)#*IP NAT Pool TST 1.1.1.2 1.1.1.5 Prefix-length 24 Type match-host*
>> >
>> > *The last step is to configure the inside sources identified in ACL 100 to
>> > use the NAT pool called TST for VRF aaa:*
>> >
>> > R3(config)#*IP NAT inside source list 100 pool TST vrf aaa*
>> >
>> >
>> >
>> > *On R4*
>> >
>> > R4(config)#*Int S0/1*
>> > R4(config-if)#*IP NAT Inside*
>> >
>> > R4(config)#*Int F0/1*
>> > R4(config-if)#*IP NAT Outside*
>> >
>> > R4(config)#*IP NAT inside source static 10.1.1.1 5.5.5.1 vrf bbb*
>> >
>> > R4(config)#*Access-list 100 permit ip 10.1.1.0 0.0.0.255 1.1.1.0 0.0.0.255*
>> >
>> > R4(config)#*IP NAT Pool TST 5.5.5.2 5.5.5.5 prefix-length 24 type match-host*
>> >
>> > R4(config)#*IP NAT Inside source list 100 pool TST vrf bbb*
>> >
>> >
>> >
>> > *To verify the configuration:*
>> >
>> > *On R3*
>> >
>> > R3#*Show ip nat translations vrf aaa*
>> >
>> > Pro  Inside global  Inside local  Outside local  Outside global
>> > ---  1.1.1.1        10.1.1.1      ---            ---
>> >
>> > *To test the configuration:*
>> >
>> > *On R1*
>> >
>> > R1#*Ping 5.5.5.1 Source Lo0*
>> >
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
>> > Packet sent with a source address of 10.1.1.1
>> > *!!!!!*
>> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms*
>> >
>> > *On R3*
>> >
>> > R3#*Show ip nat translation vrf aaa*
>> >
>> > Pro  Inside global  Inside local  Outside local  Outside global
>> > icmp 1.1.1.1:0      10.1.1.1:0    5.5.5.1:0      5.5.5.1:0
>> > ---  1.1.1.1        10.1.1.1      ---            ---
>> >
>> > R1#*Ping 5.5.5.1 Source Lo4*
>> >
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 5.5.5.1, timeout is 2 seconds:
>> > Packet sent with a source address of 10.1.1.2
>> > *!!!!!*
>> > *Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms*
>> >
>> > *On R3*
>> >
>> > R3#*Show ip nat translation vrf aaa*
>> >
>> > Pro  Inside global  Inside local  Outside local  Outside global
>> > icmp 1.1.1.1:2      10.1.1.1:2    10.1.1.2:2     10.1.1.2:2
>> > ---  1.1.1.1        10.1.1.1      ---            ---
>> > *icmp 1.1.1.5:1      10.1.1.5:1    5.5.5.5:1      5.5.5.5:1*
>> > *---  1.1.1.5        10.1.1.5      ---            ---*
>> >
>> >
>> >
>> > Have fun.
>> >
>> >
>> > On Sun, Nov 20, 2011 at 6:06 PM, Bernard Steven <buny.steven_at_gmail.com> wrote:
>> >
>> >> Guys,
>> >> Is there a way to do a NAT between a VRF interface and traffic coming from
>> >> an LDP enabled interface towards the core?
>> >> I am trying to NAT in a PE. One interface is towards a CE and the other
>> >> interface is towards the P router.
>> >>
>> >> The device does not support NVI; also VRF-aware NAT does not seem to
>> >> help.
>> >>
>> >> My problem is it does not make sense to put an ip nat inside / outside
>> >> statement in the interface towards the PE.
>> >> Any thoughts?
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > --
>> > *Narbik Kocharians
>> > *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> > *www.MicronicsTraining.com* <http://www.micronicstraining.com/>
>> > Sr. Technical Instructor
>> > YES! We take Cisco Learning Credits!
>> > Training & Remote Racks available
>>
>>
>

-- 
*Narbik Kocharians
*CCSI#30832, CCIE# 12410 (R&S, SP, Security)
*www.MicronicsTraining.com* <http://www.micronicstraining.com/>
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training & Remote Racks available
Received on Mon Nov 21 2011 - 07:52:37 ART
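
The quoted lab states two conditions for NAT on a PE: every NAT rule must reference the VRF, and the inside global addresses need a static route in that VRF (redistributed into BGP) so the far side can reach them. The following Python check for those two conditions is an added example, not part of the original thread; the function name `audit_pe_nat` is hypothetical, `R3_CONFIG` repeats R3's lines from the lab with keywords lower-cased, and `MISCONFIGURED` is constructed for illustration.

```python
import ipaddress

# R3's NAT-related lines as entered in the lab (keywords lower-cased).
R3_CONFIG = """
ip route vrf aaa 1.1.1.0 255.255.255.0 100.1.13.1
access-list 100 permit ip 10.1.1.0 0.0.0.255 5.5.5.0 0.0.0.255
ip nat pool TST 1.1.1.2 1.1.1.5 prefix-length 24 type match-host
ip nat inside source static 10.1.1.1 1.1.1.1 vrf aaa
ip nat inside source list 100 pool TST vrf aaa
"""

# Constructed mistakes (not from the thread): a rule with no VRF and an
# undefined ACL, and a VRF rule whose pool has no route in that VRF.
MISCONFIGURED = R3_CONFIG + """
ip nat pool BAD 5.5.5.2 5.5.5.5 prefix-length 24
ip nat inside source list 101 pool TST
ip nat inside source list 100 pool BAD vrf aaa
"""


def audit_pe_nat(config):
    """Return findings for the 'ip nat inside source' rules in a PE config."""
    routes, pools, acls, rules = {}, {}, set(), []
    for line in config.splitlines():
        w = line.split()
        low = [x.lower() for x in w]
        if low[:3] == ["ip", "route", "vrf"] and len(w) >= 6:
            # Static route inside a VRF: remember the prefix per VRF name.
            net = ipaddress.ip_network(f"{w[4]}/{w[5]}")
            routes.setdefault(w[3], []).append(net)
        elif low[:1] == ["access-list"] and len(w) >= 2:
            acls.add(w[1])
        elif low[:3] == ["ip", "nat", "pool"] and len(w) >= 6:
            pools[w[3]] = [ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5])]
        elif low[:4] == ["ip", "nat", "inside", "source"] and len(w) >= 7:
            vrf = w[low.index("vrf") + 1] if "vrf" in low[:-1] else None
            rules.append((line.strip(), low, w, vrf))

    findings = []
    for text, low, w, vrf in rules:
        if low[4] == "static":
            global_addrs = [ipaddress.ip_address(w[6])]
        elif low[4] == "list" and len(w) >= 8 and low[6] == "pool":
            if w[5] not in acls:
                findings.append(f"{text}: access-list {w[5]} is not defined")
            if w[7] not in pools:
                findings.append(f"{text}: pool {w[7]} is not defined")
            global_addrs = pools.get(w[7], [])
        else:
            continue  # other rule forms are outside this example
        if vrf is None:
            findings.append(f"{text}: no vrf keyword on a PE NAT rule")
            continue
        # Both ends of the inside global range must fall inside a static
        # route configured in the same VRF.
        nets = routes.get(vrf, [])
        if any(not any(a in n for n in nets) for a in global_addrs):
            findings.append(
                f"{text}: inside global range has no static route in vrf {vrf}")
    return findings


if __name__ == "__main__":
    for finding in audit_pe_nat(MISCONFIGURED):
        print(finding)
```
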
