Friday, February 10, 2006


Trouble with NAT and OSPF (Question #8)

Consider the following configuration on a router doing NAT. It turns out that devices on the inside are unable to ping devices on the outside, because the outside devices have no route back to the translated source address 172.16.1.X. Why is that the case, when the 172.16.1.0 network is clearly being advertised by OSPF? How can this be fixed?


interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 10.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
no keepalive
!
interface Serial2/0
ip address 171.69.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
no keepalive
serial restart-delay 0
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
router ospf 10
log-adjacency-changes
redistribute static subnets
network 171.69.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
!
ip nat pool NATPOOL 172.16.1.2 172.16.1.15 prefix-length 24
ip nat inside source list 1 pool NATPOOL
!
access-list 1 permit 10.0.0.0 0.255.255.255


Comments:
Taking a guess here...

Option 1) Adding "ip nat outside"
interface Loopback0
ip address 172.16.1.1 255.255.255.0
ip nat outside
!

Option 2) Adding route-map
interface Loopback0
ip address 172.16.1.1 255.255.255.0
ip policy route-map SET-HOP
!
route-map SET-HOP permit 10
set ip next-hop 10.x.x.x

No, this answer is not right. Here's a hint: think about how routes to loopback interfaces are handled by default in OSPF.

I think the answer is:
1. Configure a loopback interface with an address within your NAT pool.
2. Use the command
ip ospf network point-to-point
under the created loopback.

This makes the OSPF process advertise the network as a network and not a /32.
Robert
Sweden
Soon to be CCNA

Hi,
The reason for this behaviour is that by default the loopback interface is treated as a stub host and not a network, and hence will be shown as
ip address 172.x.x.x/32 in the routing table, hence becoming a route for a single host.
This makes sure that the internal hosts with other IPs are not reached.

Please do let me know if this is correct.

Yes, as the above comment by anonymous mentions,
ip ospf network point-to-point in the loopback interface config mode will help the network be advertised with the same subnet mask as configured on the interface (/24) rather than making it a host route.

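The fix the comment thread arrives at, applied to the configuration from the question, as an added example that is not part of the original post or any comment. Interface names, addresses, the NAT pool and the access list are taken from the question; the verification commands named afterwards are standard IOS show commands, and the explanatory comments are mine.

```cisco
! Added example: Loopback0 keeps anchoring the NAT pool, but OSPF is told to
! advertise the configured /24 instead of the default /32 host route.
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
 ip ospf network point-to-point
!
! Unchanged from the question. The pool sits inside the loopback's /24, so
! once 172.16.1.0/24 is in the OSPF domain, outside routers have a return
! path for every translated address (172.16.1.2 through 172.16.1.15) that
! points back at this router's Serial2/0 address, 171.69.1.1.
ip nat pool NATPOOL 172.16.1.2 172.16.1.15 prefix-length 24
ip nat inside source list 1 pool NATPOOL
access-list 1 permit 10.0.0.0 0.255.255.255
!
! The OSPF process itself needs no change: the network statement for
! 172.16.1.0 0.0.0.255 area 0 from the question already covers Loopback0.
router ospf 10
 network 171.69.1.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
```

To confirm the change took effect, "show ip ospf interface Loopback0" on the NAT router should report the interface's OSPF network type as point-to-point rather than loopback, and "show ip route 172.16.1.5" on an OSPF neighbour reached over Serial2/0 should now match the 172.16.1.0/24 prefix. Before the change, that same lookup on the neighbour fails: the only thing it learns is the 172.16.1.1/32 host route, and 172.16.1.5 does not fall inside it, which is exactly why the outside devices could not answer translated traffic.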