The MPLS-OPS Archive


RE: REG: MPLS VPN & NAT.

  • From: Marcelo Blanes <mblanes@larc.usp.br>
  • Date: Fri, 18 Jan 2002 21:19:01 -0200 (EDT)
  • cc: "'raszuk@cisco.com'" <raszuk@cisco.com>, Vinod Anthony Joseph Cherunni <vac@antarix.biz>, mpls-ops@mplsrc.com
  • Resent-Date: Fri, 18 Jan 2002 19:12:55 -0500
  • To: Karl Garcia <Karl.Garcia@cosinecom.com>
  • X-Sender: mblanes@melao

Vinod,

I think you have a mismatched conf in your router. In your show run:

 interface Serial 0/2
  # Interface to the MPLS Private VPN #
  ip address 192.168.20.1 255.255.255.252
  ip nat outside

change to:

 interface Serial 0/2
  # Interface to the MPLS Private VPN #
  ip address 192.168.20.1 255.255.255.252
  ip nat inside

I think it will solve the problem.

Marcelo.

On Fri, 18 Jan 2002, Karl Garcia wrote:

> In a way it does have to do with MPLS and MPLS-VPNS.  Vinod is running
> into the exact network design problem that people have brought up here
> before; namely that the NAT should happen at the edge of the network and
> with MPLS-VPNS, the edge of the network is now in the PE not the CPE.
> 
> Yes, you can call it a configuration error, but I think it is larger than
> that, it is a network design issue.  Sure you can cobble together a network
> to do just about anything, but in the long run it is the less complicated
> networks that will be faster and easier to configure and then maintain.
> 
> ________
> Karl
> 
> -----Original Message-----
> From: Robert Raszuk [mailto:raszuk@cisco.com]
> Sent: Friday, January 18, 2002 1:41 AM
> To: Vinod Anthony Joseph Cherunni
> Cc: mpls-ops@mplsrc.com
> Subject: Re: REG: MPLS VPN & NAT.
> 
> 
> 
> This is happening on CE right? If so it has really nothing to do with
> MPLS or MPLS-VPNs. All you need to do is configure your NAT right. Pls
> open a TAC case so they could help you with this. 
> 
> R.
> 
> > Vinod Anthony Joseph Cherunni wrote:
> > 
> > Dear All,
> > 
> > In an MPLS VPN connection, a customer connects to my backbone for
> > Intranet VPN connectivity, & Internet connectivity, I have a scenario
> > in regard to NAT, wherein I have a single internal interface, & two
> > external interfaces (1 connecting to the Internet, & the other to an
> > MPLS based private Network).
> > 
> > Now the scenario is such that there is a single host on the internal
> > network that gets Natted to a public IP when transiting the interface
> > connected to the Internet as follows -
> > 
> > 172.16.1.1 NATTED To 201.4.1.1
> > 
> > Now the interface connecting to the private network also has a set of
> > hosts that get NATTED for certain reasons, therefore even that
> > interface is configured for "ip nat outside". But this host
> > "172.16.1.1" does not need to get NATTED, & I would prefer it go across
> > to the private network without NAT, & across to the Internet NATTED.
> > 
> > Will the following config cause the host not to be NATTED when
> > getting across to the MPLS VPN?
> > 
> >  interface Loopback0
> >  ip address 1.1.1.1 255.255.255.0
> >  !
> >  interface Ethernet0/0
> >  ip address 172.16.1.2 255.255.255.0
> >  ip nat inside
> >  ip route-cache policy
> >  ip policy route-map nonat
> >  !
> >  interface Serial 0/1
> >  # Interface to the Internet #
> >  ip address 200.1.1.1 255.255.255.252
> >  ip nat outside
> > 
> >  interface Serial 0/2
> >  # Interface to the MPLS Private VPN #
> >  ip address 192.168.20.1 255.255.255.252
> >  ip nat outside
> > 
> >  access-list 123 permit ip host 172.26.1.1 172.16.1.0 0.0.0.255
> >  !--- Except the private network from the NAT process:
> >  route-map nonat permit 10
> >  match ip address 123
> >  set ip next-hop 1.1.1.2
> > 
> > Kindly advise,
> > 
> > With warm regards,
> > 
> > Vinod.
> 
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
> 
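
The forwarding decision this thread turns on, as a simplified model added here (not code from any of the posters and not router software): inside source translation applies only when a packet enters on an `ip nat inside` interface and leaves on an `ip nat outside` interface, so policy routing through Loopback0 changes the result. The VPN prefix 10.0.0.0/8, the ACL entry, the Internet destination used in the test and all function names are assumptions; the interface roles and the 172.16.1.1 to 201.4.1.1 mapping are from the thread.

```python
from ipaddress import ip_address, ip_network

# Interface NAT roles as posted in the thread; Loopback0 carries no NAT role.
NAT_ROLE = {"Ethernet0/0": "inside", "Serial0/1": "outside",
            "Serial0/2": "outside", "Loopback0": None}
STATIC_NAT = {"172.16.1.1": "201.4.1.1"}   # mapping stated in the thread
VPN_PREFIX = ip_network("10.0.0.0/8")      # assumed VPN prefix (constructed)
# Assumed ACL for route-map nonat: (source host, destination network).
NONAT_ACL = [("172.16.1.1", VPN_PREFIX)]
POLICY_IN = {"Ethernet0/0": "Loopback0"}   # "ip policy route-map nonat"


def route(dst):
    """Plain routing: VPN prefix via Serial0/2, everything else via Serial0/1."""
    return "Serial0/2" if ip_address(dst) in VPN_PREFIX else "Serial0/1"


def acl_match(src, dst):
    """True when the packet matches the (assumed) no-NAT access list."""
    return any(src == s and ip_address(dst) in net for s, net in NONAT_ACL)


def forward(src, dst, ingress="Ethernet0/0", use_policy=True):
    """Return (interface path, source address on the wire) for one packet."""
    path = [ingress]
    if use_policy and ingress in POLICY_IN and acl_match(src, dst):
        # Policy routing sends the packet out Loopback0; it comes back in
        # on Loopback0, so the second pass has a non-NAT ingress interface.
        ingress = POLICY_IN[ingress]
        path.append(ingress)
    egress = route(dst)
    path.append(egress)
    # Inside source translation needs inside ingress AND outside egress.
    if NAT_ROLE[ingress] == "inside" and NAT_ROLE[egress] == "outside":
        src = STATIC_NAT.get(src, src)
    return path, src
```

Calling `forward` with `use_policy=False` reproduces the behaviour the original question describes: with both serial interfaces marked outside, the static mapping applies toward the VPN as well as toward the Internet.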
