Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
939
Views
0
Helpful
1
Replies

FVRF-DIA

Cisco4Life
Level 1
Level 1

‎09-08-2019 06:24 PM - edited ‎09-08-2019 06:28 PM

Having an issue getting my global table to forward all outbound internet requests to the FVRF i have configured. This is simple config, but yet its been racking my brain. I figure I need another set of eyes looking at this to tell me what I am doing wrong. This is configured on a 2911 series router. If i ping the outside world from the VRF-INET1, I can get out. When I ping from the global table to the outside, nothing. I can see NAT working, but not getting out.

vrf definition VRF-INET1
!
address-family ipv4
exit-address-family
!
interface GigabitEthernet0/1
vrf forwarding VRF-INET1
ip address x.x.x.x 255.255.255.252
no ip unreachables
ip nat outside
ip virtual-reassembly in
ip policy route-map RM_TX_INTERNAL
duplex auto
speed auto
end
!
interface GigabitEthernet1/0
ip address 10.30.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
end
!
ip access-list extended ACL_TX_INTERNAL
permit ip any 10.30.0.0 0.0.255.255
!
route-map RM_TX_INTERNAL permit 10
match ip address ACL_TX_INTERNAL
set global
!
ip nat inside source route-map RM_INET interface GigabitEthernet0/1 overload
!
route-map RM_INET permit 10
match ip address ACL_NONAT
match interface GigabitEthernet0/1
!
ip access-list extended ACL_NONAT
deny ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255
deny ip 192.168.1.0 0.0.0.255 10.20.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.30.0.0 0.0.255.255 any
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10 name DEFAULT-ROUTE-FVRF
ip route vrf VRF-CELL 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route vrf VRF-INET1 0.0.0.0 0.0.0.0 50.84.92.1

 

Why is this not working?
Thanks

Labels:
0 Helpful
1 Reply 1

Cisco4Life
Level 1
Level 1

‎09-08-2019 06:26 PM - edited ‎09-08-2019 06:27 PM

**CONFIG**

 

vrf definition VRF-INET1
!
address-family ipv4
exit-address-family
!
interface GigabitEthernet0/1
vrf forwarding VRF-INET1
ip address x.x.x.x 255.255.255.252
no ip unreachables
ip nat outside
ip virtual-reassembly in
ip policy route-map RM_TX_INTERNAL
duplex auto
speed auto
end
!
interface GigabitEthernet1/0
ip address 10.30.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
end
!
ip access-list extended ACL_TX_INTERNAL
permit ip any 10.30.0.0 0.0.255.255
!
route-map RM_TX_INTERNAL permit 10
match ip address ACL_TX_INTERNAL
set global
!
ip nat inside source route-map RM_INET interface GigabitEthernet0/1 overload
!
route-map RM_INET permit 10
match ip address ACL_NONAT
match interface GigabitEthernet0/1
!
ip access-list extended ACL_NONAT
deny ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255
deny ip 192.168.1.0 0.0.0.255 10.20.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.30.0.0 0.0.255.255 any
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10 name DEFAULT-ROUTE-FVRF
ip route vrf VRF-CELL 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route vrf VRF-INET1 0.0.0.0 0.0.0.0 50.84.92.1

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card