Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
0
Helpful
5
Replies

NAT or PBR !

illusion_rox
Level 1
Level 1

‎10-20-2009 09:53 PM - edited ‎03-06-2019 08:13 AM

Hi all. Kindly guide me in this since i dont know why its happening

I have 3 routers connected via serial interfaces like this

R1-------------R2-----------R3

R1 IP = 11.0.0.1

R2 IP(for R1) = 11.0.0.2

R2 IP(for R3) = 10.0.0.2

R3 IP = 10.0.0.3

Now R2 is connected to R1 on Se0/0

to R3 on Se0/1

I have configured se0/1 ip nat inside

se0/0 ip nat outside

and then

ip nat inside source static 10.0.0.23 11.0.0.2

Now when R1 sends a packet destined to 11.0.0.2 R2 doesnt reply but performs translation first ! and sends the packet out to R3. This is i have tested and its working 100% what i described. My confusion is why is this so ? a packet destined to router itself why its being translated first ?

In order to check further i applied a PBR, which purpose is, if any packet from 11.0.0.1 comes for 11.0.0.2 just send it to R3 (10.0.0.3). I have applied the policy as local and interface PBR but its not working !!!.

Can someone explain me this behaviour.

Labels:
0 Helpful
5 Replies 5

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎10-21-2009 12:37 AM

Ovais,

Hi, how are you doing?

Regarding to your question. Well,it works as expected.

Router will do a static nat(outside-to-inside) first before doing a routing process for Outside-to-Inside(Nat).

For PBR, If the nat statement still exists,packet won't be matched with your PBR because the packets get traslated before being sent to PBR process. The destination will be translated to what you've defined on the NAT statement.

HTH,

Toshi

0 Helpful

illusion_rox
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎10-21-2009 12:54 AM

Dear Toshi, thanks for the feedback. Sorry i forgot to mention i was testing them seperately. When i configured PBR, i removed nat configuration.

Kindly guide me now

0 Helpful

Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to illusion_rox

‎10-21-2009 01:14 AM

Ovais,

Do R3 have a route for 11.0.0.x network pointed back to R2? If not,It won't work anyway. The destination IP address is 11.0.0.2. On R3 point of view, it will see a destination IP address as 11.0.0.2. After that droping it because it has no idea about this prefix.

HTH,

Toshi

0 Helpful

illusion_rox
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎10-21-2009 02:06 AM

Dear Sir, currently i am troubled with R2 point of view. Pls consider all other factors in place i.e. reverse route and all.

Can you kindly help me why PBR is not working and NAT is !!!

Kindly guide me

0 Helpful

Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to illusion_rox

‎10-21-2009 04:07 AM

Ovais,

Sorry guys, I missed reading the whole question. You were trying to creat a packet with Src:11.0.0.1 and Dst:11.0.0.2. You also want R2 to do PBR to forward the packet to R3. R2 point of view, PBR won't work in this case because the destination you have configured on the ACL is the IP address of the Router. I mean, all of ip addresses assigned to the router will fall in this case. If you really want to accomplish this task, you must use a local policy to redirect the packet to R3. However, it's a return packet that is originated by the router. That's Src:11.0.0.2 and Dst:11.0.0.1. You now can use ip local policy route-map to forward this packet to next-hop of R3.

HTH,

Toshi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card