Task 5.7



I am using dynamips with IE .net file with its IOS : c3640-jk9o3s-mz.123-14.T7.extracted.bin

When using ip nat pool with "add-route" R8 does not  get a reply, even though "debug ip nat" on R4 clearly shows that replies are sent to R8.

When using just "ip route null 0" and removing the "add route" from the nat pool, everything start working as it should.


I wonder if someone else experianced the same problem?




  • The IOS I'm running didn't have the 'add-route' as an option so I used the static route to Null0 like you did and it works fine.

  • I noticed strange results here too.

    Working on the real kit on rackrentals using the 'add-route' statement in the nat pool.


    If I 'redistribute static' on R4 to send the add-route subnet into ISIS, although everyone sees the route OK and debug shows that NAt is working correctly, R8 never gets the ping reply.

    If I use BGP on R4 to advertise the 'add-route' subnet NAT debug is exactly the same yet this time the pings do get back to r8 and all seems to work.


    So looks like yet another bug to add the endless list for CCIE SP where output varies depending upon how you advertise the route into the IGP.

  • I got it working by adding a loopback to R3 in the network Besides, it took me 30 mins to find out that we need to have "bgp redistribute-internal" in R3 to make it work.

  • I had the same problem.  Adding as a secondary address on loopback 0 of R4 works as well.

  • I actually managed to solve this without additional interfaces. I implemented the entire solution solely on R3 (R4 only imports one more route-target). Steps were:

    1) Create VRF 65001 on R3, import and export to

    2) on R4, import 131.3.3:65001

    3) two static routes: "ip route vrf 65001 eth0/1 global" and "ip route 131.1.100 null0"

    4) Then just NAT rules (pool and matching)

    edit 5) on R3's BGP1234 address-family ipv4 vrf 65001 : "network mask"

    Works like a dream.

  • I used a loopback for NAT address space on R4 then advertise it on BGP without any problems and works fine.I didn't had to block anything however per solution guide towards R3 (route-map FILTER_BB3_NETWORKS out), as R8 wouldn't send the update back to R4 and R3 prefers the RIP routes that does not advertise or redistribute into BGP. Then R2 never gets an update for && and R7 does not know anything for BB3 networks.





Sign In or Register to comment.