Hi experts,
I am doing an experiment to NAT traffic from global VRF to another VRF (called Internet). Please see my diagram. R1 is a host router with default gateway pointing to R2. R3 is simulating the ISP. Its lo0 with IP 3.3.3.3 is simulating an Internet host. R2 is doing the NAT.
I have tried both the traditional inside and outside NAT as well as the NVI NAT. I can NAT traffic from right to left fine with NVI NAT. However for traffic from left to right it doesn't work for me. Here is my config
vrf definition Internet
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
!
interface Ethernet0/0
ip address 10.0.12.2 255.255.255.0
ip nat inside
ip nat enable
!
interface Ethernet0/1
vrf forwarding Internet
ip address 172.16.23.2 255.255.255.0
ip nat outside
ip nat enable
!
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.23.3
ip route vrf Internet 0.0.0.0 0.0.0.0 172.16.23.3
!
ip nat source static 10.0.12.1 172.16.23.1 vrf Internet
ip nat source list NVI-NAT interface e0/1 vrf Internet overload
!
ip access-list extended NVI-NAT
permit ip 172.16.23.0 0.0.0.255 any
Now when I ping from R1 to 3.3.3.3 on R3, the R3 still got the un-NAT'ed traffic (from 10.0.12.1 to 3.3.3.3)
Is it possible to do NAT in this direction?
Thanks!
