
routing options

mohsin.khan
Level 3

Hi, I have a partner who wants to connect its single site with our 2 sites using Ethernet over fiber. They have an IP pool which conflicts with an IP pool already advertised in our network. Our suggestion of implementing NAT has already been rejected due to some unknown reasons. They have suggested implementing a GRE tunnel, which in my own opinion is worthless and also complicated, as it means implementing 2 GRE tunnels from my side. I need to know if there are any better ideas to achieve this connectivity. We will run OSPF with them, with their site area being stub.

5 Replies

paolo bevilacqua
Hall of Fame

If the overlapping sites need to communicate with each other, you must use NAT.

Else regular routing will work, just eliminate the overlapping addresses from the announcements.

GRE is used when you connect over the internet, not when you have your own circuits.
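The distinction drawn in this reply, between partner address space that collides with yours (NAT if it must talk to you) and space that can simply be routed, can be computed before touching any router. This is an added example, not part of the original thread; the prefixes, the pool and the function names are constructed for illustration.

```python
import ipaddress

def split_partner_space(partner, ours):
    """Split the partner's prefixes into (overlapping, routable).

    overlapping: partner space that collides with prefixes we already advertise
    routable:    the remainder, safe to accept in routing announcements as-is
    """
    ours_nets = [ipaddress.ip_network(p) for p in ours]
    overlapping, routable = [], []
    for prefix in partner:
        remaining = [ipaddress.ip_network(prefix)]
        for own in ours_nets:
            kept = []
            for net in remaining:
                if not net.overlaps(own):
                    kept.append(net)              # no collision with this prefix
                elif net.subnet_of(own):
                    overlapping.append(net)       # fully inside our prefix
                else:
                    overlapping.append(own)       # our prefix sits inside theirs
                    kept.extend(net.address_exclude(own))
            remaining = kept
        routable.extend(remaining)
    return (list(ipaddress.collapse_addresses(overlapping)),
            list(ipaddress.collapse_addresses(routable)))

def pool_conflicts(pool, prefixes):
    """Return the prefixes that a candidate NAT pool overlaps."""
    pool_net = ipaddress.ip_network(pool)
    return [p for p in prefixes if pool_net.overlaps(ipaddress.ip_network(p))]

# Constructed sample data (not from the thread).
PARTNER = ["10.20.0.0/16", "192.168.50.0/24"]
OURS = ["10.20.4.0/22", "172.16.0.0/12"]
NAT_POOL = "172.16.250.0/28"  # hypothetical pool carved from our own space

if __name__ == "__main__":
    clash, clean = split_partner_space(PARTNER, OURS)
    print("needs NAT or must be filtered:", [str(n) for n in clash])
    print("can be routed as-is:          ", [str(n) for n in clean])
    # The pool must not fall inside the partner's own addressing.
    print("pool conflicts with partner:  ", pool_conflicts(NAT_POOL, PARTNER))
```
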

Edison Ortiz
Hall of Fame

mohsin,

We are not aware of your customer's or your network requirements but if NAT has been rejected as an option, you can explore MPLS as an alternative.

You can create a VRF for this partner's connection and treat it as a separate entity. Traffic in/out the VRF can be controlled rather easily and you don't have to advertise this partner's subnet into your global routing table.

HTH,

__

Edison.

I got an approval for the NAT from the partner. There again is a question, rather a confirmation just for my understanding. If my partner puts his eth interface as NAT inside, and both its WAN links connecting to my sites as NAT outside, and defines a subnet from my network as the overload NAT pool, then all is going to work fine? I mean, in a firewall the NAT is bound to the interfaces, however in routers I believe we can allocate the NAT pool and use it at multiple interfaces simultaneously as outside NAT interfaces, correct? How would traffic be affected, because I want to give a single subnet as a NAT pool to my partner, and traffic will be coming on both of my sites (though with different OSPF costs)?

Also, this VRF option is interesting, and I just want to know if VRF is applicable in low-end routers as well, or is it only available in 6500/7600 etc.?

And VRF would be applicable if the source and destination have to be separate from the rest of my network, which is not my requirement, is that right? The partner has to connect to some of my network entities placed at my 3rd site, which is connected to both of my sites that are connected with the partner.

"If my partner puts his eth interface as NAT inside, and both its WAN links connecting to my sites as NAT outside, and defines a subnet from my network as the overload NAT pool, then all is going to work fine?"

Yes.

You can create an ACL to match the source|destination on the traffic to be NAT'd. For instance:

access-list 101 permit ip [partner's subnet] [your subnet]
ip nat inside source list 101 .....
interface fx/x
 description inside
 ip nat inside
interface fx/x
 description outside
 ip nat outside

You can use a NAT-POOL or interface overload - that's a design call.

"Also, this VRF option is interesting, and I just want to know if VRF is applicable in low-end routers as well, or is it only available in 6500/7600 etc.?"

VRF is supported on low end routers as well but since you got the green light on the NAT, I believe that's an easier design. If you aren't familiar with VRF or MPLS, things can become a bit complicated.

__

Edison.
