Redirect HTTP in through VRF

cyrille.dreux · ‎06-21-2016

Hi,

I have Cisco892 running Version 15.2(3r)XC and I would like a way to redirect HTTP trafic incoming on one inteface to go through another via a VRF.

I was thinking using sockets in TCL, a first one to listen on one side and a second to relay the trafic out to the real server. Kind of a transparent proxy, but allowing me to go through a specific VRF.

is that possible? any other way to tackle this?

Many thanks!

Philip D'Ath · ‎06-21-2016

You need to use NAT, but I'm not sure how to do this when a VRF is involved.

cyrille.dreux · ‎06-22-2016

Hi Philip

thanks for your quick reply.

I attached a schematic of the setup. What I need to do is through our routed LAN I can reach on side of the C892 and I need to access the Web UI on a SDL box on the other side of the C892 which is isolated in a VRF.

In this setup I can reach 10.0.0.4 but not the 192.168.0.1.

I would like to be able to go to http://10.0.0.4:80 that would translate into http://192.168.0.1:80.

What kind of NAT would be required as neither the client knows the route to the box, nor the box to the client?

The box must see the request as coming from the 192.168.0.12 interface of the C892 to be able to reply to it.

I know that is far fetch, but I can't simply reach the box on the internet side, sadly.

regards,

Cyrille

Philip D'Ath · ‎06-22-2016

I don't know the answer, but check out this guide for VRF aware NAT. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book.html