BGP,ZBF,NAT

safiud832003
Level 1
Recently implemented with a new router. Please refer to the diagram and my following questions:

1. Two routers are connected to the same ISP with BGP peering, and a default route is advertised to the customer router. The two routers are not connected to each other.
2. The internal interfaces of the routers are using EIGRP. On EIGRP, BGP is redistributed.
3. There is a pool of IPs for static NAT to connect to the server from outside, so we created a null 0 IP route (for example: ip route 111.111.111.0/28 null 0) and also advertise it in BGP using the network command on both routers.

My questions:

1. Are there any issues if we advertise 111.x.x.x/28 using the network command on both routers? Is there any traffic inconsistency?
2. Server traffic is passing via R1, but if we traceroute to the same server from the internet, the traceroute shows R2. Is this normal behaviour?
3. On top of that, we are using the ZBF firewall too. From the internet we can connect to the FTP server using FileZilla, but we can't see the directories.

Much appreciated if anyone can help ASAP.
1 Reply

Hello

Without looking at your config it's hard to understand. However, looking at the design:

1) Advertising the same subnet out of each ISP router would be applicable for resiliency.

2) Asymmetric routing could be due to the ISP2 return src traffic seeing your rtr2 as a shorter path back into your network (maybe BGP path manipulation could help here, AS-path prepending?).

NOTE:

Failover of either router's ISP link would cause traffic to be routed back over your LAN via the IGP. A more positive approach would be to put an interconnect link between the routers and run iBGP; this could also help with path manipulation for outgoing traffic (local preference).

3) Not sure on this one. If you can connect to this server then I am assuming the IOS fw has allowed access. Possibly folder permissions etc.

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
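
An added example, not part of the reply or the poster's configuration: one way to apply the AS-path prepending suggested in point 2, configured on R2 so that inbound traffic for the NAT pool prefers R1. The AS numbers (64500 local, 64501 ISP), the neighbor address 192.0.2.1 and the names NAT-POOL and PREPEND-OUT are assumptions; 111.111.111.0/28 is the example prefix from the question.

```cisco
! R2 only (assumed values: local AS 64500, ISP AS 64501, ISP peer 192.0.2.1)
!
! Null route anchors the NAT pool in the routing table so the
! BGP network statement has an exact match to advertise.
ip route 111.111.111.0 255.255.255.240 Null0
!
! Match only the NAT pool prefix from the question.
ip prefix-list NAT-POOL seq 5 permit 111.111.111.0/28
!
! Prepend the local AS twice for the NAT pool so the ISP sees a
! longer AS path via R2 and prefers the path via R1.
route-map PREPEND-OUT permit 10
 match ip address prefix-list NAT-POOL
 set as-path prepend 64500 64500
!
! Pass any other prefixes unchanged.
route-map PREPEND-OUT permit 20
!
router bgp 64500
 network 111.111.111.0 mask 255.255.255.240
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 route-map PREPEND-OUT out
!
! R1 keeps advertising the same /28 without the route-map, so R2
! remains available as the backup path if R1's ISP link fails.
```

After applying, `clear ip bgp 192.0.2.1 soft out` re-sends the advertisement with the new policy. ZBF keeps session state per router, so keeping inbound and return traffic on the same router matters for inspected flows; whether the ISP honors the longer path depends on its own policy.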