https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910735#M1103751 <P>So far as I remember, regular NAT should do: "ip nat inside source list 100 interface g0/1 vrf RED overload". RED VRF will be placed into translation entry. Responses will be accepted in any VRF, including VRF BLUE, traffic UNNATed and sent to VRF RED. This should work identically in IOS and IOS-XE. Need to be tested though. (I could never understand why docs and Cisco NAT FAQ says that NAT NVI is required to NAT between different VRFs).</P><P>If you NAT to a pool borrowed from connected subnet, you may need to add "match-in-vrf" option, otherwise GARP entry is programmed in global VRF.</P><P>&nbsp;</P> Wed, 23 Aug 2023 15:46:42 GMT tvotna 2023-08-23T15:46:42Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910473#M1103723 <P>Hello Guys,&nbsp;</P> <P>Does anyone tried to make conditional NAT between different VRFs and is it even supported in IOS ?</P> <P>&nbsp;</P> Wed, 23 Aug 2023 07:58:03 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910473#M1103723 Palazsto 2023-08-23T07:58:03Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910501#M1103725 <LI-CODE lang="markup">conditional NAT between different VRFs </LI-CODE> <P>Can you give some example of your use case</P> <P>as per i know NAT supported in VRF in IOS latest code as i know.</P> Wed, 23 Aug 2023 08:52:47 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910501#M1103725 balaji.bandi 2023-08-23T08:52:47Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910522#M1103726 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="inter-vrf-cond-nat.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/195064i8BED7131E8C970CF/image-size/medium?v=v2&amp;px=400" role="button" title="inter-vrf-cond-nat.PNG" alt="inter-vrf-cond-nat.PNG" /></span></P> <P>if source address is 192.168.1.1 and the destination is 172.16.1.1 then NAT 192.168.1.1 to 10.1.1.1 </P> <P>&nbsp;</P> Wed, 23 Aug 2023 09:35:06 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910522#M1103726 Palazsto 2023-08-23T09:35:06Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910532#M1103727 <P>You can do that NAT in normal right - or am i missing anything here ?</P> Wed, 23 Aug 2023 09:56:46 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910532#M1103727 balaji.bandi 2023-08-23T09:56:46Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910551#M1103728 <P>I think vrfs change the picture, and NVI must be involved but I don't see many docs and config guides.</P> Wed, 23 Aug 2023 10:23:53 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910551#M1103728 Palazsto 2023-08-23T10:23:53Z https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910735#M1103751 <P>So far as I remember, regular NAT should do: "ip nat inside source list 100 interface g0/1 vrf RED overload". RED VRF will be placed into translation entry. Responses will be accepted in any VRF, including VRF BLUE, traffic UNNATed and sent to VRF RED. This should work identically in IOS and IOS-XE. Need to be tested though. (I could never understand why docs and Cisco NAT FAQ says that NAT NVI is required to NAT between different VRFs).</P><P>If you NAT to a pool borrowed from connected subnet, you may need to add "match-in-vrf" option, otherwise GARP entry is programmed in global VRF.</P><P>&nbsp;</P> Wed, 23 Aug 2023 15:46:42 GMT https://community.cisco.com/t5/network-security/conditional-nat-between-different-vrfs/m-p/4910735#M1103751 tvotna 2023-08-23T15:46:42Z