Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
6
Helpful
4
Replies

a NAT problem

shibindong
Level 1
Level 1

‎01-07-2007 06:22 PM - edited ‎03-03-2019 03:16 PM

i have 2 router in 2 offices(A and B) connecting to MPLS link. we did not run any routing protocol with ISP only static route. Since ISP didnot install the route of our LAN network, so We cannot ping from A to B from LAN to LAN, while from WAN to WAN can reach since they are ISP Ip address. i like to implement NAT, after completation, I am able to ping from A to B, but not from B to A. I have post my network diagram and my configuration. Please help me to look at it.

Labels:
Preview file
27 KB
Preview file
2 KB
Preview file
1 KB
0 Helpful
4 Replies 4

spremkumar
Level 9
Level 9

‎01-07-2007 08:51 PM

Hi Shibindong

If you are connected to a MPLS network provided by your SP then you dont need to do any kinda NAT config on your router end.

The ISP is required to have the reverse route to your local lan pointing your VRF created on the SP's PE which will be propagated either through direct MP-BGP session or through RR configured MP-BGP sessions.

The above said will have to be there in SP environment and you need to stress up your point of having the connectivity between your locations so that they can enable the same..

regds

vijayasankar
Level 4
Level 4

‎01-07-2007 08:53 PM

Hi,

Can you check the access-list used for NAT'ing in the both the routers.

From the config posted, it appears that at the both routers ( A & B) you are having the same ACL.

Router A.

ip access-list standard suntec

permit 192.168.2.0 0.0.0.255

Router B.

ip access-list standard voicenat

permit 192.168.2.0 0.0.0.255

This should be corrected in Router A as follows

Router A ( corrected)

ip access-list standard suntec

permit 192.168.1.0 0.0.0.255

Hope this helps

-VJ

vijayasankar
Level 4
Level 4

‎01-07-2007 08:56 PM

Hi,

I agree with the previous Netpro's comments.

Kindly check with your service provider to do the proper routing for the private ip addresses at both locations. This would be the correct approach.

-VJ

0 Helpful

jackyoung
Level 6
Level 6
In response to vijayasankar

‎01-07-2007 10:25 PM

Functionally, your solution should work. But I agreed w/ Edwin that you really no need to implement NAT if it is MPLS enabled. However, you have to let your SP to know your LAN side address then they should add it in the VRF routing table.

Also agreed w/ VJ that your access-list is incorrect configured. I believe it is a typo...

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card