Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

a NAT problem

i have 2 router in 2 offices(A and B) connecting to MPLS link. we did not run any routing protocol with ISP only static route. Since ISP didnot install the route of our LAN network, so We cannot ping from A to B from LAN to LAN, while from WAN to WAN can reach since they are ISP Ip address. i like to implement NAT, after completation, I am able to ping from A to B, but not from B to A. I have post my network diagram and my configuration. Please help me to look at it.

4 REPLIES

Re: a NAT problem

Hi Shibindong

If you are connected to a MPLS network provided by your SP then you dont need to do any kinda NAT config on your router end.

The ISP is required to have the reverse route to your local lan pointing your VRF created on the SP's PE which will be propagated either through direct MP-BGP session or through RR configured MP-BGP sessions.

The above said will have to be there in SP environment and you need to stress up your point of having the connectivity between your locations so that they can enable the same..

regds

Re: a NAT problem

Hi,

Can you check the access-list used for NAT'ing in the both the routers.

From the config posted, it appears that at the both routers ( A & B) you are having the same ACL.

Router A.

ip access-list standard suntec

permit 192.168.2.0 0.0.0.255

Router B.

ip access-list standard voicenat

permit 192.168.2.0 0.0.0.255

This should be corrected in Router A as follows

Router A ( corrected)

ip access-list standard suntec

permit 192.168.1.0 0.0.0.255

Hope this helps

-VJ

Re: a NAT problem

Hi,

I agree with the previous Netpro's comments.

Kindly check with your service provider to do the proper routing for the private ip addresses at both locations. This would be the correct approach.

-VJ

Silver

Re: a NAT problem

Functionally, your solution should work. But I agreed w/ Edwin that you really no need to implement NAT if it is MPLS enabled. However, you have to let your SP to know your LAN side address then they should add it in the VRF routing table.

Also agreed w/ VJ that your access-list is incorrect configured. I believe it is a typo...

Hope this helps.

97
Views
6
Helpful
4
Replies
CreatePlease login to create content