Who Me Too'd this topic

NAT Overload from Multiple Inside VRFs

Daryl Clark
Level 1

I have one outside, public interface with a single IP. That interface is in VRF INTERNET. I have two internal VRFs for GUEST and CONTRACTOR internet access that I need segmented. This is all separate from the global routing table for corporate devices. My NAT overload is not working as I am not seeing any NAT Translations and users have no internet. If I put the internet access VLANs in the same VRF as the outside interface, it works. Any ideas?

See config below.

vrf definition IWAN-INTERNET
!
address-family ipv4
exit-address-family
!

vrf definition GUEST
!
address-family ipv4
exit-address-family
!
vrf definition BYOD
!
address-family ipv4
exit-address-family
!
ip dhcp pool GUEST
vrf GUEST
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool BYOD
vrf BYOD
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.222.222 208.67.220.220
!
ip nat inside source list 100 interface GigabitEthernet0/0/2 vrf GUEST overload
!
ip nat inside source list 100 interface GigabitEthernet0/0/2 vrf BYOD overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
int gig 0/0/1.300
vrf forwarding BYOD
encapsulation dot1q 300
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
int gig 0/0/1.301
vrf forwarding GUEST
encapsulation dot1q 301
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!

interface GigabitEthernet0/0/2
vrf forwarding IWAN-INTERNET
ip address <public ip>
ip nat outside
ip access-group IWAN-INTERNET-IN in
negotiation auto
ntp disable
ip virtual-reassembly
!
