Checking through I can see that CE1 (SW1) does indeed get the default route, injected via R6 (PE):
SW1#sh ip route | in 0.0.0.0
Gateway of last resort is 155.1.67.6 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 155.1.67.6, 01:14:40
I can also successfully ping the "Internet" route 212.18.1.1 from SW1:
SW1#ping 212.18.1.1 source loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.18.1.1, timeout is 2 seconds:
Packet sent with a source address of 150.1.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/35/42 ms
I can see the corresponding NAT translation on R6:
R6#sh ip nat tra
Pro Inside global Inside local Outside local Outside global
icmp 54.1.1.6:3 150.1.7.7:3 212.18.1.1:3 212.18.1.1:3
However, the SG then shows output from SW2 (CE2) doing the same ping, with success. If I look on SW2 I can see that it also has the injected default route.
SW2#sh ip route | in 0.0.0.0
Gateway of last resort is 155.1.67.6 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 155.1.67.6, 01:34:45
However, a traceroute to the internet from SW2 produces the following output:
Tracing the route to 212.18.1.1
1 155.1.58.5 [AS 100] 17 msec 0 msec 0 msec
2 155.1.58.5 [AS 100] !H * !H
Could someone explain, based on the SG, how SW2 should be able to ping the internet addresses?
thanks