Is there a way I can NAT routing updates?

I have a need to connect to a customer site and exchange BGP with the customer. This is all fine. But the customer has all RFC space addressing and won't/can't NAT. I don't have an issue with natting their addresses as they come into our network, but I want to keep dynamic routing intact since they will have multiple connections into our network for redundancy. Their RFC addressing conflicts with what we have internally, so we can't redistribute their routes into our internal network unless somehow these routes they deliver to us via BGP can be NAT'd. (They can receive our routes since we will only be redistributing our public networks to them.) Can this type of NAT'ing be done?

If routing updates can't be natted, I was thinking that I can just add static routes pointing to their dynamic routes and redistribute those statics into our internal network. If for some reason we lose a dynamic route from them, I'm hoping that maybe the dynamic route will be deleted from the routing table.

i.e.

Let's say they deliver a route to us like:

B 10.10.0.0/16 [20/2] via 192.168.10.4, 2w4d

This route conflicts with a network in our internal network.

So I add the following static route:

ip route 10.40.0.0 255.255.0.0 10.10.0.0

and redistribute this route internally.

Now I just NAT anything coming in as 10.10.0.0 to 10.40.0.0.

If I lose the 10.10.0.0 route from the customer, my static route should go away as well. I would much rather just be able to NAT the route. But....

Any ideas, suggestions?

Thanks for your help!

suki

You cannot know what is behind NAT - that is the general idea. So given this, you NEED to know that. If you have overlapping nets, then you can only do a one-to-one NAT, i.e. you must assign them IPs that do not conflict with yours, and then do NAT on this and route on this as well.

Martin Bilgrav
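
The one-to-one mapping described in the reply above, sketched as an added example that is not part of the original thread: it picks a non-conflicting, same-length translated prefix for each overlapping customer route and rewrites host addresses in both directions. The internal range, the pool and all customer routes except 10.10.0.0/16 are constructed sample values.

```python
import ipaddress

def plan_one_to_one_nat(customer_prefixes, internal_prefixes, pool):
    """Give every customer prefix that overlaps internal space a free,
    same-length prefix from `pool`. Returns {real_network: translated_network}."""
    internal = [ipaddress.ip_network(p) for p in internal_prefixes]
    customers = [ipaddress.ip_network(p) for p in customer_prefixes]
    pool_net = ipaddress.ip_network(pool)
    used, plan = [], {}
    for real in customers:
        if not any(real.overlaps(n) for n in internal):
            continue  # no conflict: this route can be accepted untranslated
        if real.prefixlen < pool_net.prefixlen:
            raise ValueError(f"{real} does not fit in pool {pool_net}")
        # A translated prefix must avoid internal space, earlier allocations
        # and every real customer prefix (otherwise replies become ambiguous).
        avoid = internal + customers + used
        for cand in pool_net.subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(n) for n in avoid):
                used.append(cand)
                plan[real] = cand
                break
        else:
            raise ValueError(f"no free /{real.prefixlen} in {pool_net} for {real}")
    return plan

def translate(addr, plan, inbound=True):
    """Rewrite one host address, preserving the host bits (one-to-one NAT).
    inbound=True: customer real -> translated; False: the reverse."""
    ip = ipaddress.ip_address(addr)
    for real, mapped in plan.items():
        src, dst = (real, mapped) if inbound else (mapped, real)
        if ip in src:
            offset = int(ip) - int(src.network_address)
            return str(dst.network_address + offset)
    return str(ip)  # address is not covered by any mapping

# Constructed sample data; only 10.10.0.0/16 and 10.40.0.0 appear in the thread.
INTERNAL = ["10.0.0.0/12"]
CUSTOMER_ROUTES = ["10.10.0.0/16", "10.12.5.0/24", "172.20.0.0/16"]
PLAN = plan_one_to_one_nat(CUSTOMER_ROUTES, INTERNAL, pool="10.40.0.0/14")

if __name__ == "__main__":
    for real, mapped in PLAN.items():
        print(f"{real} -> {mapped}")
    print(translate("10.10.3.7", PLAN), translate("10.40.3.7", PLAN, inbound=False))
```
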

Doing BGP through a firewall with NAT is not a problem, but you do have to do the fixups manually and it is very easy to put together a configuration which only appears to work. See the white paper on setting up redundant paths through redundant NAT firewalls on my website for some ideas. Handling the address overlap is a separate issue and is best handled by treating the "route exists" determination and the "routing to your client" challenges separately. If your firewall is going to serve as a firewall, you want to think static routing regardless... do you really want a configuration mistake by your client to bring down your network?

Good luck and have fun!

Vincent C Jones

NAT them and fake the BGP with a PC or two running OpenBSD and OpenBGPD. Might need to check connectivity with a few scripts and use that to feed into OpenBGPD to mimic route updates as required.

M.

Mark Lar
