[c-nsp] Advertising NAT pool using OSPF on the ASA
Luan Nguyen
luan at t3technology.com
Thu Jun 12 12:02:32 EDT 2008
Hello,
According to this document:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgna
t.html#wp1042725
If you NAT to a pool of address, then this pool of address will be advertise
to the upstream router automatically.
I have the set up: Router5-------outside-ASA-inside----Router6, running
OSPF between ASA and Router5.
I just can't get the global pool advertise to Router1 using OSPF. Anyone
done this before and know how?
ASA(config)#show run router ospf
router ospf 1
network 10.10.10.1 255.255.255.255 area 0
network 192.168.1.1 255.255.255.255 area 0
log-adj-changes
!
ASA(config)# show int ip brief
Interface IP-Address OK? Method Status
Prot
ocol
GigabitEthernet0/0 192.168.1.1 YES manual up
up
GigabitEthernet0/1 172.16.1.1 YES manual up
up
GigabitEthernet0/2 unassigned YES unset administratively down
down
GigabitEthernet0/3 10.10.10.1 YES manual up
up
Management0/0 unassigned YES unset administratively down
down
ASA(config)# show run static
static (inside,outside) 192.168.2.9 172.16.1.9 netmask 255.255.255.255
ASA(config)# show run global
global (outside) 1 192.168.2.10-192.168.2.253 netmask 255.255.255.0
ASA(config)# show run nat
nat (inside) 1 0.0.0.0 0.0.0.0
R5#show ip route ospf
10.0.0.0/24 is subnetted, 3 subnets
O 10.10.10.0 [110/11] via 192.168.1.1, 00:17:28, GigabitEthernet0/1
R6#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
R5(config)#
*Jun 12 15:53:17.675: ICMP: echo reply sent, src 5.5.5.5, dst 192.168.2.10
*Jun 12 15:53:19.675: ICMP: echo reply sent, src 5.5.5.5, dst 192.168.2.10
*Jun 12 15:53:21.675: ICMP: echo reply sent, src 5.5.5.5, dst 192.168.2.10
*Jun 12 15:53:23.675: ICMP: echo reply sent, src 5.5.5.5, dst 192.168.2.10
*Jun 12 15:53:25.675: ICMP: echo reply sent, src 5.5.5.5, dst 192.168.2.10
R5#show ip route 192.168.2.0
% Network not in table
How do I advertise 192.168.2.0/24 to R5 using OSPF?
Thanks.
Luan
http://63.210.18.237/luan/
More information about the cisco-nsp
mailing list