The MPLS-OPS Archive


RE: REG: MPLS VPN & NAT.

  • From: Karl Garcia <Karl.Garcia@cosinecom.com>
  • Date: Fri, 18 Jan 2002 10:30:24 -0800
  • Cc: mpls-ops@mplsrc.com
  • Resent-Date: Fri, 18 Jan 2002 14:35:01 -0500
  • To: "'raszuk@cisco.com'" <raszuk@cisco.com>, Vinod Anthony Joseph Cherunni <vac@antarix.biz>

In a way it does have to do with MPLS and MPLS-VPNS.  Vinod is running
into the exact network design problem that people have brought up here before;
namely that the NAT should happen at the edge of the network and with
MPLS-VPNS, the edge of the network is now in the PE not the CPE.

Yes, you can call it a configuration error, but I think it is larger than that;
it is a network design issue.  Sure you can cobble together a network
to do just about anything, but in the long run it is the less complicated
networks that will be faster and easier to configure and then maintain.

________
Karl

-----Original Message-----
From: Robert Raszuk [mailto:raszuk@cisco.com]
Sent: Friday, January 18, 2002 1:41 AM
To: Vinod Anthony Joseph Cherunni
Cc: mpls-ops@mplsrc.com
Subject: Re: REG: MPLS VPN & NAT.



This is happening on CE right? If so it has really nothing to do with
MPLS or MPLS-VPNs. All you need to do is configure your NAT right. Pls
open a TAC case so they could help you with this.

R.

> Vinod Anthony Joseph Cherunni wrote:
>
> Dear All,
>
> In an MPLS VPN connection, a customer connects to my backbone for
> Intranet VPN connectivity, & Internet connectivity, I have a scenario
> in regard to NAT, wherein I have a single internal interface, & two
> external interface ( 1 connecting to the Internet, & the other to an
> MPLS based private Network).
>
> Now the scenario is such that there is a single host on the internal
> network that gets Natted to  a public IP when transiting the interface
> connected to the Internet as follows -
>
> 172.16.1.1 NATTED To 201.4.1.1
>
> Now the interface connecting to the private network also has a set of
> hosts that get NATTED for certain reasons, therefore even that
> interface is configured for "ip nat outside". But this host
> "172.16.1.1" does not need to get NATTED, & I would prefer it go across
> to the private network without NAT, & across to the Internet NATTED.
>
> Will the following config, cause the host not to be NATTED, when
> getting across to the MPLS VPN.
>
>  interface Loopback0
>  ip address 1.1.1.1 255.255.255.0
>  !
>  interface Ethernet0/0
>  ip address 172.16.1.2 255.255.255.0
>  ip nat inside
>  ip route-cache policy
>  ip policy route-map nonat
>  !
>  interface Serial 0/1
>  # Interface to the Internet #
>  ip address 200.1.1.1 255.255.255.252
>  ip nat outside
>
>  interface Serial 0/2
>  # Interface to the MPLS Private VPN #
>  ip address 192.168.20.1 255.255.255.252
>  ip nat outside
>
>  access-list 123 permit ip host 172.26.1.1 172.16.1.0 0.0.0.255
>  !--- Except the private network from the NAT process:
>  route-map nonat permit 10
>  match ip address 123
>  set ip next-hop 1.1.1.2
>
> Kindly advise,
>
> With warm regards,
>
> Vinod.
