NAT 2 router w/ BGP
Posted: Mon Sep 05, 2016 1:38 am
I have 2 routers with BGP divulge one / 22 and different / 23 in each.
I have one client with internal ip, I need to do NAT for specific ip. The download is the router 2, however need to upload it for the router 1.
Say:
10.1.1.2 -> 203.0.113.2
I checked:
/ Ip settings
September rp-filter = no tcp-syncookies = no
/ IP connection firewall tracking
September enabled = yes generic-timeout = 10m icmp-timeout = 10s tcp-close-timeout = 10s tcp-close-wait-timeout = 10s tcp-established-timeout = 10m tcp-fin-wait-timeout = 10s \
tcp-last-ack-timeout = 10s tcp-max-retrans-timeout = 5m tcp-syn-received-timeout = 5s tcp-syn-sent-timeout = 5s tcp-time-wait-timeout = 10s tcp-unacked-timeout = 5m \
udp-stream-timeout = 3m udp-timeout = 10s
For this in the router 1 and router 2 created the following rules:
/ Ip firewall nat
add action = dst-nat chain = dstnat comment = "2 CLI" dst-address = 203.0.113.2 to-addresses = 10.1.1.2
add action = src-nat chain = srcnat comment = "CLI 2" out-interface = "ether-Link" src-address = 10.1.1.2 to-addresses = 203.0.113.2
When uploading and downloading occurs on the same router works fine, whatever the router when uploading and downloading occurs in different links there does not work.
What should I check more?
I have one client with internal ip, I need to do NAT for specific ip. The download is the router 2, however need to upload it for the router 1.
Say:
10.1.1.2 -> 203.0.113.2
I checked:
/ Ip settings
September rp-filter = no tcp-syncookies = no
/ IP connection firewall tracking
September enabled = yes generic-timeout = 10m icmp-timeout = 10s tcp-close-timeout = 10s tcp-close-wait-timeout = 10s tcp-established-timeout = 10m tcp-fin-wait-timeout = 10s \
tcp-last-ack-timeout = 10s tcp-max-retrans-timeout = 5m tcp-syn-received-timeout = 5s tcp-syn-sent-timeout = 5s tcp-time-wait-timeout = 10s tcp-unacked-timeout = 5m \
udp-stream-timeout = 3m udp-timeout = 10s
For this in the router 1 and router 2 created the following rules:
/ Ip firewall nat
add action = dst-nat chain = dstnat comment = "2 CLI" dst-address = 203.0.113.2 to-addresses = 10.1.1.2
add action = src-nat chain = srcnat comment = "CLI 2" out-interface = "ether-Link" src-address = 10.1.1.2 to-addresses = 203.0.113.2
When uploading and downloading occurs on the same router works fine, whatever the router when uploading and downloading occurs in different links there does not work.
What should I check more?