A few weeks ago I struggled with a configuration that contained BGP and NAT. At first I made a really complicated configuration that worked in GNS3 but in the end did not work on a real router. [ My configuration is based on a Cisco 2951 router. ]
To create a configuration with BGP and NAT you have to go through the following steps.
In my configuration I had two BGP links, so both uplink interfaces are configured the same way and marked as NAT outside:

interface GigabitEthernet0/1
 description BGP Link 1 to ISP
 ip address <ip address> 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

interface GigabitEthernet0/2
 description BGP Link 2 to ISP
 ip address <ip address> 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
After this I created a loopback interface for the main address of the extra IP block I had.
interface Loopback100
 ip address <1st ip block address> <ip block subnet>
 ip nat outside
 ip virtual-reassembly in
The next step is to configure the internal LAN interface, which is the NAT inside side.
interface GigabitEthernet0/0
 ip address <ip address> 255.255.255.0
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip route-cache same-interface
 ip route-cache policy
 duplex auto
 speed auto
 hold-queue 100 out
The BGP configuration can differ per ISP; in my case I had one ISP but two different BGP uplinks.
router bgp <as number>
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp deterministic-med
 network <network address of IP block> mask <subnetmask of IP block>
 redistribute connected
 redistribute static
 neighbor <remote ip bgplink 1> remote-as <as number>
 neighbor <remote ip bgplink 1> description *** BGP Link#1 with ISP ***
 neighbor <remote ip bgplink 1> timers 5 15
 neighbor <remote ip bgplink 1> remove-private-as
 neighbor <remote ip bgplink 1> soft-reconfiguration inbound
 neighbor <remote ip bgplink 1> route-map your-bgp-in in
 neighbor <remote ip bgplink 1> route-map your-bgp-out out
 neighbor <remote ip bgplink 2> remote-as <as number>
 neighbor <remote ip bgplink 2> description *** BGP Link#2 with ISP ***
 neighbor <remote ip bgplink 2> timers 5 15
 neighbor <remote ip bgplink 2> remove-private-as
 neighbor <remote ip bgplink 2> soft-reconfiguration inbound
 neighbor <remote ip bgplink 2> route-map your-bgp-in in
 neighbor <remote ip bgplink 2> route-map your-bgp-out out
 maximum-paths 8
 no auto-summary
To test whether your first link is okay you can use the following command (under router bgp) to shut down the second BGP link:
neighbor <remote ip bgplink 2> shutdown
The next thing you have to do is create a static route to the Null0 interface and an ip nat pool.
ip route <ip block 1st address> <ip block subnet> Null0
ip nat pool <name> <first usable ip address> <first usable ip address or last> prefix-length 26
When you have configured these settings we continue by configuring some ip prefix-lists on the router.
ip prefix-list your-bgp-out description *** Send yourname Prefixes and P2P-Link to ISP ***
ip prefix-list your-bgp-out seq 5 permit <ip address block/prefix eq 26>
When the ip prefix-list is configured we can continue with the route-maps that link to these prefix-lists:
route-map your-bgp-in permit 10
 description *** [ Set Localpref to 100 to prefer this link, mark routes with <remark of ISP> ] ***
 set local-preference 100
 set community <depends on ISP>
!
route-map your-bgp-out permit 10
 description *** [ Advertise Yourname Prefixes ] ***
 match ip address prefix-list your-bgp-out
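The outbound route-map is the one piece of this template that keeps `redistribute connected` and `redistribute static` from announcing every route on the box to the ISP, and the Null0 route is what makes the `network` statement actually advertise the block. Both are easy to forget on one of two neighbors. As an added example (not code from the original post), the Python script below parses an IOS-style configuration and checks exactly those points: a Null0 anchor for every network statement, an inbound and outbound route-map on every neighbor, an outbound prefix-list that only permits the owned block with no ge/le widening, and a NAT pool that lies inside that block with a matching prefix-length. The embedded sample fills the post's placeholders with constructed values (RFC 5737 documentation addresses, private AS numbers, the pool name ISP-POOL); those, and the function names, are this example's assumptions.

```python
"""Sanity checks for a Cisco IOS BGP + NAT configuration like the one above.
Added example, not code from the original post: it parses a constructed config
(RFC 5737 addresses, private AS numbers) and reports what a review looks for."""
import ipaddress
import re

# Constructed sample; every address, AS number and name is a placeholder.
# The second neighbor deliberately lacks its outbound route-map.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
router bgp 64512
 network 198.51.100.0 mask 255.255.255.192
 redistribute connected
 redistribute static
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 route-map your-bgp-in in
 neighbor 203.0.113.1 route-map your-bgp-out out
 neighbor 203.0.113.5 remote-as 64496
 neighbor 203.0.113.5 route-map your-bgp-in in
!
ip route 198.51.100.0 255.255.255.192 Null0
ip nat pool ISP-POOL 198.51.100.2 198.51.100.62 prefix-length 26
ip prefix-list your-bgp-out seq 5 permit 198.51.100.0/26
route-map your-bgp-out permit 10
 match ip address prefix-list your-bgp-out
"""


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    # Group an IOS config into (top-level line, [indented child lines]).
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def check_bgp_nat(text):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_config(text)
    tops = [hdr for hdr, _ in sections]
    bgp = next((kids for hdr, kids in sections if hdr.startswith("router bgp")), None)
    if bgp is None:
        return ["no 'router bgp' section found"]
    findings = []
    # 1. 'network A mask M' only advertises a prefix present in the routing table; the Null0 route guarantees that.
    owned = [net(*m.groups()) for l in bgp if (m := re.match(r"network (\S+) mask (\S+)", l))]
    anchors = {net(*m.groups()) for h in tops if (m := re.match(r"ip route (\S+) (\S+) Null0", h))}
    findings += [f"network {o} has no matching 'ip route ... Null0'" for o in owned if o not in anchors]
    # 2. Each neighbor needs both route-maps; without the outbound one,
    #    'redistribute connected/static' hands the ISP every route on the box.
    nbrs = {}
    for l in bgp:
        if m := re.match(r"neighbor (\S+) (?:remote-as|route-map) (\S+)(?: (in|out))?", l):
            ip, arg, direction = m.groups()
            nbrs.setdefault(ip, {})[direction or "as"] = arg
    for ip, nb in nbrs.items():
        findings += [f"neighbor {ip} has no {d}bound route-map" for d in ("in", "out") if d not in nb]
    # 3. The outbound route-map must match a defined prefix-list whose permit
    #    entries stay inside the owned block(s), with no ge/le widening.
    for rm in {nb["out"] for nb in nbrs.values() if "out" in nb}:
        kids = [k for h, ks in sections if h.startswith(f"route-map {rm} ") for k in ks]
        pls = [m.group(1) for k in kids if (m := re.match(r"match ip address prefix-list (\S+)", k))]
        if not pls:
            findings.append(f"route-map {rm} matches no prefix-list")
        for pl in pls:
            ents = [m for h in tops if (m := re.match(rf"ip prefix-list {re.escape(pl)} seq \d+ permit (\S+)(.*)", h))]
            if not ents:
                findings.append(f"prefix-list {pl} used by route-map {rm} has no permit entry")
            for m in ents:
                pfx = ipaddress.ip_network(m.group(1), strict=False)
                if m.group(2).strip() or not any(pfx.subnet_of(o) for o in owned):
                    findings.append(f"prefix-list {pl} permits {m.group(1)}{m.group(2)} outside the owned block")
    # 4. The NAT pool must lie inside an advertised block (else replies have no
    #    route back to it) and its prefix-length must match that block.
    for h in tops:
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)", h):
            name, first, last, plen = m.groups()
            cover = [o for o in owned if ipaddress.ip_address(first) in o and ipaddress.ip_address(last) in o]
            if not cover:
                findings.append(f"NAT pool {name} is outside every advertised block")
            elif cover[0].prefixlen != int(plen):
                findings.append(f"NAT pool {name} prefix-length {plen} != /{cover[0].prefixlen}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_bgp_nat(SAMPLE_CONFIG)) or "no findings")
```

Run as-is it reports only the second neighbor's missing outbound route-map; paste the output of `show running-config` from the real router into SAMPLE_CONFIG (or read it from a file) to check the live device. The parser relies on IOS indenting sub-commands with a leading space, which is how the router prints them.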
Once you have configured all these settings you will be able to configure an access-list on the loopback interface. I still have to figure out how to enable VPN access on this kind of connection.
More to come …