Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4463
Views
0
Helpful
3
Replies

NAT/OSPF help

Go to solution
xAdventix
Level 1
Level 1

‎10-09-2014 04:28 AM - edited ‎03-07-2019 09:03 PM

Hi Guys,

 

I am currently trying to configure OSPF and NAT with a 3 cisco router topology, I can ping the destination from my G0/0 interface 192.168.1.1 towards 10.1.1.1 loopback IP so OSPF is working and has built an adjacency with the connecting neighbors. I can source a ping from 10.1.1.1 towards the loopback 172.20.1.1 which works fine as well. 

 

This is router A which is connected to both routers. From this router I can't get a ICMP response towards the loopback of 10.1.1.1 however can vice versa from 10.1.1.1 towards 172.20.1.1 so I definitely think this is a NAT configuration issue as OSPF appears to be working fine on the two routers that don't have it configured. Am I meant to configure it on the other routers? (NAT) 

interface Loopback0
 ip address 172.20.1.1 255.255.255.248
 ip nat inside
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
 duplex full
 speed 1000
!
interface GigabitEthernet0/1
 ip address 192.168.1.5 255.255.255.252
 ip nat outside
 duplex full
 speed 1000
!
router ospf 1
 log-adjacency-changes

 router-id 1.1.1.1
 network 172.20.1.0 0.0.0.7 area 0
 network 192.168.1.4 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.3 area 0
!
ip nat pool 60days 192.168.20.0 192.168.20.6 netmask 255.255.255.248
ip nat inside source list 1 pool 60days
ip classless
!
!
access-list 1 permit host 172.20.1.1
!

end


When I check the nat translation and statistics it shows the following:

Router#sh ip nat transl
Pro  Inside global     Inside local       Outside local      Outside global
icmp 192.168.20.1:31   172.20.1.1:31      10.1.1.1:31        10.1.1.1:31
icmp 192.168.20.1:32   172.20.1.1:32      10.1.1.1:32        10.1.1.1:32
icmp 192.168.20.1:33   172.20.1.1:33      10.1.1.1:33        10.1.1.1:33
icmp 192.168.20.1:34   172.20.1.1:34      10.1.1.1:34        10.1.1.1:34
icmp 192.168.20.1:35   172.20.1.1:35      10.1.1.1:35        10.1.1.1:35

Router#sh ip nat stat
Total translations: 5 (0 static, 5 dynamic, 5 extended)
Outside Interfaces: GigabitEthernet0/0 , GigabitEthernet0/1
Inside Interfaces: Loopback0
Hits: 5  Misses: 65
Expired translations: 30
Dynamic mappings:
-- Inside Source
access-list 1 pool 60days refCount 5
 pool 60days: netmask 255.255.255.248
       start 192.168.20.0 end 192.168.20.6
       type generic, total addresses 7 , allocated 1 (14%), misses 0

 

So to me, it appears it should be able to check that 172.20.1.1 is where it needs to go once it hits the router, but from the ICMP requests it appears with the 192.168.20.1 address, it just doesn't know where to send it back towards. Do I need to configure a route for the 192.168.20.1 address so that it knows to send it back towards this router? This doesn't appear to work as it isn't being picked up by the routing table, maybe because it isn't a configured IP address on a interface? 

 

Router where 10.1.1.1 lies:

interface Loopback0
 ip address 10.1.1.1 255.255.240.0
!
interface GigabitEthernet0/0
 ip address 192.168.1.2 255.255.255.252
 duplex full
 speed 1000
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 192.168.1.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.15.255 area 0
!
 


Sorry if this is messy, please ask if you need any more information and I will supply it. 

Thanks in advance,

 

Aaron

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
danjone3
Cisco Employee
Cisco Employee
In response to xAdventix

‎11-04-2014 10:01 AM

If I'm understanding this correctly, you're using a pool of IPs for your NAT from a subnet that isn't in use on your network.  That's not wrong per se but it's not the normal practice that I've seen.  Normally, NAT either overloads an existing interface IP or uses IPs in the same subnet as an existing interface IP.  Since the subnet isn't in use other than for NAT, it doesn't exist in your routing tables.  If you can't use an existing subnet for you NAT IPs, you have to add the NAT subnet in some way.  You can put a static route on Router A, since that's where the subnet originates, and redistribute it into OSPF for advertising to the rest of your network.

Since you have a loopback as your NAT inside, I assume this is a lab and not a real world scenario?  You should be able to create another loopback interface and give it an IP in your NAT subnet and advertise that via OSPF.  I haven't tested it but I don't see any reason that wouldn't work.  That would allow you to avoid the static route but it's more of a contrived work-around than something I'd recommend for a real world scenario.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
xAdventix
Level 1
Level 1

‎10-09-2014 04:37 AM

Hi, 

 

So I have actually made it work now, with the use of a static route. Is this a necessity to be performed for NAT or should I be able to configure this with OSPF?

 

I have placed the static route on the 10.1.1.1 router and is getting ICMP responses and translating correctly. But I'd rather be using OSPF instead of static routes.

 

Thanks

 

Aaron 

0 Helpful

Go to solution
danjone3
Cisco Employee
Cisco Employee
In response to xAdventix

‎11-04-2014 10:01 AM

If I'm understanding this correctly, you're using a pool of IPs for your NAT from a subnet that isn't in use on your network.  That's not wrong per se but it's not the normal practice that I've seen.  Normally, NAT either overloads an existing interface IP or uses IPs in the same subnet as an existing interface IP.  Since the subnet isn't in use other than for NAT, it doesn't exist in your routing tables.  If you can't use an existing subnet for you NAT IPs, you have to add the NAT subnet in some way.  You can put a static route on Router A, since that's where the subnet originates, and redistribute it into OSPF for advertising to the rest of your network.

Since you have a loopback as your NAT inside, I assume this is a lab and not a real world scenario?  You should be able to create another loopback interface and give it an IP in your NAT subnet and advertise that via OSPF.  I haven't tested it but I don't see any reason that wouldn't work.  That would allow you to avoid the static route but it's more of a contrived work-around than something I'd recommend for a real world scenario.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-28-2014 05:27 PM

Hello

Can you lease post a small topology diagram to provide a simplistic view of your  network.

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card