GroupStudy.com - A virtual community of network engineers
Re: BGP with NAT posted 09/15/2006


"Any" does work. What does not work is "any any" in the last line of the
access-list.

Cannot explain why though ...

Here it is labbed:

access-list 104 deny   tcp host 192.168.14.1 eq bgp host 192.168.14.2
access-list 104 deny   tcp host 192.168.14.2 eq bgp host 192.168.14.1
access-list 104 permit ip 192.168.15.0 0.0.0.255 any


(192.168.14.1 and 192.168.14.2 are the ebgp hosts, 192.168.15.0/24 is a subnet in the inside network)

Doing a ping from the inside subnet:

r4#sh ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.14.1:174  192.168.15.1:174   150.1.2.2:174      150.1.2.2:174
icmp 192.168.14.1:175  192.168.15.1:175   150.1.2.2:175      150.1.2.2:175
icmp 192.168.14.1:176  192.168.15.1:176   150.1.2.2:176      150.1.2.2:176
icmp 192.168.14.1:177  192.168.15.1:177   150.1.2.2:177      150.1.2.2:177
icmp 192.168.14.1:178  192.168.15.1:178   150.1.2.2:178      150.1.2.2:178

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.14.2    4   200      30      31        6    0    0 00:09:05        1   ---------------> UP for 9 minutes

NB: if you use "any any" in the last line of the access-list you get

r4#sh ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.14.1:1030  192.168.14.1:45549 192.168.14.2:179   192.168.14.2:179

and then

r4#
*Mar  1 02:52:43.512: BGP: 192.168.14.2 open active, local address 192.168.14.1
*Mar  1 02:52:43.520: BGP: 192.168.14.2 open failed: Connection refused by remote host






----- Original Message -----
From: "shha" <shha77@xxxxxxxxx>
To: "xprtofnet" <xprtofnet@xxxxxxxxx>
Cc: "Brian Dennis" <bdennis@xxxxxxxxxxxxxxxxxxxxxx>; "ccielab" <ccielab@xxxxxxxxxxxxxx>
Sent: Friday, September 15, 2006 1:17 AM
Subject: Re: BGP with NAT



or add
ip nat inside source static tcp x.x.x.x 179 x.x.x.x 179



On 9/14/06, shha <shha77@xxxxxxxxx> wrote:

change access-list to point to inside network, don't use any to solve the problem


On 9/14/06, xprtofnet <xprtofnet@xxxxxxxxx> wrote:
>
> this is also working..
>
> !
> ip nat pool a 220.0.0.1 220.0.0.1 netmask 255.255.255.0
> ip nat inside source list 1 pool a
> !
> access-list 1 permit any
>
> --- Brian Dennis <bdennis@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > What does your ACL look like?
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> > bdennis@xxxxxxxxxxxxxxxxxxxxxx
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 775-745-6404 (Outside the US and Canada)
> >
> > -----Original Message-----
> > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of xprtofnet
> > Sent: Thursday, September 14, 2006 1:50 PM
> > To: xprtofnet; ccielab
> > Subject: Re: BGP with NAT
> >
> > got it---overload was doing port translation.
> >
> > following works---any other inputs are welcome
> >
> > on R1
> >
> > ip nat pool a 220.0.0.1 220.0.0.1 netmask 255.255.255.0 type rotary
> > ip nat inside source list 1 pool a
> >
> > --- xprtofnet <xprtofnet@xxxxxxxxx> wrote:
> >
> > > Folks,
> > >
> > > here is the scenario..
> > >
> > > Back-Bone_OUTSIDE_e0/2_R1-e0/0--INSIDE network
> > >
> > > R1 and BackBone have eBGP connection
> > >
> > > Inside Networks are NOT advertised to BackBone
> > >
> > > But communication needs to happen with Backbone and INSIDE network
> > >
> > > when I do this on R1 the eBGP session drops
> > >
> > > R1
> > > ip nat inside source list 1 interface e0/2 overload
> > >
> > > e0/2
> > > ip nat outside
> > >
> > > e0/1
> > > ip nat inside
> > >
> > > Any tips on how to keep BGP UP ? and have NAT working ?
> > >
> > > Thank you,

_______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
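
Added example, not code from the thread: a small Python model of first-match ACL evaluation (the model itself and the port 11000 are assumptions made here) that runs the flows shown in the two NAT tables through access-list 104 with each variant of its last line. It shows that `eq bgp` written after the source address matches the source port only, so the router's own open from 192.168.14.1:45549 to port 179 passes both deny lines and is selected for NAT by a final `permit ip any any`, but not by `permit ip 192.168.15.0 0.0.0.255 any`.

```python
import ipaddress

BGP = 179
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: bits set to 1 are "don't care".
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_104(last_src):
    # (action, protocol, source, source port or None, destination)
    return [
        ("deny", "tcp", host("192.168.14.1"), BGP, host("192.168.14.2")),
        ("deny", "tcp", host("192.168.14.2"), BGP, host("192.168.14.1")),
        ("permit", "ip", last_src, None, ANY),
    ]

def evaluate(acl, flow):
    """First match wins. Returns (action, line); line 0 is the implicit deny."""
    proto, src, sport, dst, _dport = flow
    for line, (action, a_proto, a_src, a_sport, a_dst) in enumerate(acl, 1):
        if a_proto not in ("ip", proto):
            continue
        if a_sport is not None and sport != a_sport:
            continue
        if wc_match(src, *a_src) and wc_match(dst, *a_dst):
            return action, line
    return "deny", 0

LABBED = acl_104(("192.168.15.0", "0.0.0.255"))
ANY_ANY = acl_104(ANY)

# Flows taken from the NAT tables in the post; 11000 is a constructed port.
FLOWS = {
    "inside ping": ("icmp", "192.168.15.1", None, "150.1.2.2", None),
    "router BGP open": ("tcp", "192.168.14.1", 45549, "192.168.14.2", 179),
    "router BGP reply": ("tcp", "192.168.14.1", 179, "192.168.14.2", 11000),
}

def nat_selected(acl):
    # A permit means the flow is handed to NAT for translation.
    return {name: evaluate(acl, f) for name, f in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("labbed", LABBED), ("any any", ANY_ANY)):
        print(label, nat_selected(acl))
```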

