Routing for CGNAT via Mettle NAS

Configuration
admin

Configuration for natted private IPs routed throught Mettle.

Here, for NAS 173,
1. routing: Gateway:VRF > core-60 > NAS
2. add private networks in ACL “gpon98” corresponding to the route map “MettleLimited” applied on the Te4/7 interface on core, which is the routing port, is connected to NAS’s WAN.

eg:

GW:
router static
address-family ipv4 unicast
vrf GPON-IN-All
address-family ipv4 unicast
100.127.24.0/21 202.88.231.60

Core:
ip route 100.127.24.0 255.255.248.0 202.88.229.173

interface TenGigabitEthernet4/7
description #### 10G- SPG 3rd WAN 229.173 ####
ip address 202.88.229.174 255.255.255.252
ip policy route-map MettleLimited
no logging event link-status
load-interval 30
ipv6 enable
udld port disable
end

route-map MettleLimited permit 5
match ip address gpon98
set ip next-hop 202.88.231.98
!

Extended IP access list gpon98
10 deny ip any 202.88.241.64 0.0.0.7
20 deny ip 100.127.184.0 0.0.7.255 202.88.241.0 0.0.0.127
25 deny ip 100.127.16.0 0.0.7.255 202.88.241.0 0.0.0.127
30 deny ip 100.127.144.0 0.0.7.255 202.88.241.0 0.0.0.127
40 deny ip 100.127.220.0 0.0.3.255 202.88.241.0 0.0.0.127
45 deny ip 100.127.32.0 0.0.15.255 202.88.241.0 0.0.0.127
46 deny ip 100.127.224.0 0.0.15.255 202.88.241.0 0.0.0.127
50 deny ip 100.127.72.0 0.0.3.255 202.88.241.0 0.0.0.127
60 deny ip 100.127.168.0 0.0.7.255 202.88.241.64 0.0.0.15
70 deny ip 100.127.76.0 0.0.3.255 202.88.241.0 0.0.0.127
75 deny ip 100.127.48.0 0.0.7.255 202.88.241.0 0.0.0.127 (1978 matches)
76 deny ip 100.127.104.0 0.0.7.255 202.88.241.0 0.0.0.127
80 deny ip any 202.88.231.0 0.0.0.127 (1133849 matches)
90 deny ip any 202.88.238.0 0.0.0.127 (10454 matches)
100 deny ip 100.127.96.0 0.0.7.255 202.88.241.64 0.0.0.15 (111 matches)
110 deny ip 100.127.128.0 0.0.7.255 202.88.241.0 0.0.0.127 (1 match)
120 permit ip 100.127.220.0 0.0.3.255 any
125 permit ip 100.127.56.0 0.0.7.255 any (21520 matches)
130 permit ip 100.127.72.0 0.0.3.255 any (3401 matches)
135 permit ip 100.127.48.0 0.0.7.255 any (229611 matches)
138 permit ip 100.127.104.0 0.0.7.255 any (31 matches)
140 permit ip 100.127.203.0 0.0.0.255 any
150 permit ip 100.127.144.0 0.0.7.255 any (25078 matches)
155 permit ip 100.127.16.0 0.0.7.255 any (13836 matches)
160 permit ip 100.127.76.0 0.0.3.255 any (949 matches)
170 permit ip 100.127.128.0 0.0.7.255 any (9193 matches)
180 permit ip 100.127.168.0 0.0.7.255 any (29227 matches)
190 permit ip 100.127.96.0 0.0.7.255 any (28966 matches)
200 permit ip 100.127.79.0 0.0.0.255 any
210 permit ip 100.127.32.0 0.0.15.255 any
215 permit ip 100.127.224.0 0.0.15.255 any

220 permit ip 100.127.24.0 0.0.7.255 any

***

Route-maps are same from respective switch/virtual interfaces to NASs LAN.