NAT with VRF !!!

Hi friends,

 

I need to configure NAT and static mapping so I can reach (SSH) internal devices (servers) inside the network (private IP addresses) from the Internet.

I have a problem combining VRF with NAT. The interface connecting to the Internet is in a VRF and the interface connecting to the internal network is NOT in a VRF. Here is my output:

 

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.69.2.30      YES NVRAM  up                    up
GigabitEthernet0/1         A.A.A.9         YES NVRAM  up                    up
Serial0/0/0                10.10.10.1      YES NVRAM  up                    up
Serial0/1/0                10.10.12.1      YES NVRAM  up                    up
Serial0/2/0                10.10.13.1      YES NVRAM  up                    up
Async1                     10.10.11.1      YES NVRAM  up                    up
Tunnel0                    10.5.5.1        YES NVRAM  up                    up

 

 

Note: Interface Gigabit0/1 has a public IP address and connects to the ISP through VRF cisco.
 
R1#show run interface gigabitEthernet 0/1
Building configuration...
 
Current configuration : 281 bytes
!
interface GigabitEthernet0/1
ip vrf forwarding cisco
ip address A.A.A.9 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
end
 
R1#show run interface gigabitEthernet 0/0
Building configuration...
 
Current configuration : 258 bytes
!
interface GigabitEthernet0/0
ip address 10.69.2.30 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
decnet cost 4
end
 
Notice that interface gi0/0 is NOT part of the VRF.
 
R1#show run | include ip route
ip route 10.41.2.0 255.255.255.0 Serial0/2/0
ip route 192.0.69.0 255.255.255.0 Serial0/0/0
ip route 192.168.0.0 255.255.255.0 10.69.2.254
ip route 192.168.21.0 255.255.255.0 Async1
ip route vrf cisco 0.0.0.0 0.0.0.0 A.A.A.10
 
I am not even sure it's a valid design, because the IP NAT OUTSIDE interface is in VRF cisco and the IP NAT INSIDE interface is not in any VRF.
 
Any advice will be much appreciated.
 
Update 1:
  • I already configured NAT in my home lab and it's working correctly without the VRF.
Update 2: 
  • I copied the configuration from R1 to the R1 in the lab and configured interface gi0/0 in the same VRF, and I was able to connect to the internal devices through the NAT, but when I configured the live device in the field it didn't work! Here is the configuration:

henrt1#show run | section nat

interface gi0/0
 ip nat inside

interface gi0/1
 ip nat outside

!
ip nat inside source static tcp 10.69.2.30 23 A.A.A.9 30003 vrf cisco extendable
ip nat inside source static tcp 10.69.2.10 23 A.A.A.9 30010 vrf cisco extendable

 

Any suggestions? Thoughts?

Thanks for taking the time to read and reply to my post.
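
A way to review a configuration like the one posted above before it goes onto an Internet-facing router, as an added example that is not part of the original post: a small Python audit that reports the VRF of each NAT inside/outside interface, flags static NAT rules whose `vrf` keyword does not match the inside interface, and flags rules that publish TCP port 23 (Telnet). The function names and finding labels are hypothetical, the sample is constructed from the posted lines, and the check assumes a rule's `vrf` keyword is expected to name the VRF of the inside interface.

```python
import re

# Constructed sample: the NAT-relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip vrf forwarding cisco
 ip nat outside
!
interface GigabitEthernet0/0
 ip nat inside
!
ip nat inside source static tcp 10.69.2.30 23 A.A.A.9 30003 vrf cisco extendable
ip nat inside source static tcp 10.69.2.10 23 A.A.A.9 30010 vrf cisco extendable
"""

# Static port-forward rule: protocol, inside local port, optional VRF name.
STATIC_RE = re.compile(
    r"^[ \t]*ip nat inside source static (tcp|udp) \S+ (\d+) \S+ \d+(?: vrf (\S+))?.*$",
    re.M)

def parse_nat_interfaces(config):
    """Map each interface to its VRF (None = global table) and NAT role."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {"vrf": None, "nat": None})
        elif line in ("!", "end"):
            current = None
        elif current is not None:
            m = re.fullmatch(r"(?:ip )?vrf forwarding (\S+)", line)
            if m:
                current["vrf"] = m.group(1)
            elif line in ("ip nat inside", "ip nat outside"):
                current["nat"] = line.split()[-1]
    return interfaces

def audit(config):
    """Return (finding, detail) pairs for the operator to review."""
    ifaces = parse_nat_interfaces(config).values()
    inside = {i["vrf"] for i in ifaces if i["nat"] == "inside"}
    outside = {i["vrf"] for i in ifaces if i["nat"] == "outside"}
    findings = []
    if inside and outside and inside != outside:
        label = lambda vrfs: ",".join(v or "global" for v in vrfs)
        findings.append(("vrf-split", f"inside={label(inside)} outside={label(outside)}"))
    for m in STATIC_RE.finditer(config):
        proto, local_port, rule_vrf = m.groups()
        if rule_vrf not in inside:  # assumption: rule VRF should match the inside interface
            findings.append(("rule-vrf-mismatch", m.group(0).strip()))
        if proto == "tcp" and local_port == "23":  # Telnet: cleartext login published externally
            findings.append(("telnet-exposed", m.group(0).strip()))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one `vrf-split` finding plus a `rule-vrf-mismatch` and a `telnet-exposed` finding for each of the two static rules.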

 
