09-08-2019 06:24 PM - edited 09-08-2019 06:28 PM
Having an issue getting my global table to forward all outbound internet requests to the FVRF I have configured. This is a simple config, but yet it's been racking my brain. I figure I need another set of eyes looking at this to tell me what I am doing wrong. This is configured on a 2911 series router. If I ping the outside world from the VRF-INET1, I can get out. When I ping from the global table to the outside, nothing. I can see NAT working, but not getting out.
```
vrf definition VRF-INET1
 !
 address-family ipv4
 exit-address-family
!
interface GigabitEthernet0/1
 vrf forwarding VRF-INET1
 ip address x.x.x.x 255.255.255.252
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 ip policy route-map RM_TX_INTERNAL
 duplex auto
 speed auto
end
!
interface GigabitEthernet1/0
 ip address 10.30.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
end
!
ip access-list extended ACL_TX_INTERNAL
 permit ip any 10.30.0.0 0.0.255.255
!
route-map RM_TX_INTERNAL permit 10
 match ip address ACL_TX_INTERNAL
 set global
!
ip nat inside source route-map RM_INET interface GigabitEthernet0/1 overload
!
route-map RM_INET permit 10
 match ip address ACL_NONAT
 match interface GigabitEthernet0/1
!
ip access-list extended ACL_NONAT
 deny ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255
 deny ip 192.168.1.0 0.0.0.255 10.20.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 10.30.0.0 0.0.255.255 any
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10 name DEFAULT-ROUTE-FVRF
ip route vrf VRF-CELL 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route vrf VRF-INET1 0.0.0.0 0.0.0.0 50.84.92.1
```
Why is this not working?
Thanks
09-08-2019 06:26 PM - edited 09-08-2019 06:27 PM
**CONFIG**
```
vrf definition VRF-INET1
 !
 address-family ipv4
 exit-address-family
!
interface GigabitEthernet0/1
 vrf forwarding VRF-INET1
 ip address x.x.x.x 255.255.255.252
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 ip policy route-map RM_TX_INTERNAL
 duplex auto
 speed auto
end
!
interface GigabitEthernet1/0
 ip address 10.30.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
end
!
ip access-list extended ACL_TX_INTERNAL
 permit ip any 10.30.0.0 0.0.255.255
!
route-map RM_TX_INTERNAL permit 10
 match ip address ACL_TX_INTERNAL
 set global
!
ip nat inside source route-map RM_INET interface GigabitEthernet0/1 overload
!
route-map RM_INET permit 10
 match ip address ACL_NONAT
 match interface GigabitEthernet0/1
!
ip access-list extended ACL_NONAT
 deny ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255
 deny ip 192.168.1.0 0.0.0.255 10.20.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 10.30.0.0 0.0.255.255 any
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10 name DEFAULT-ROUTE-FVRF
ip route vrf VRF-CELL 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route vrf VRF-INET1 0.0.0.0 0.0.0.0 50.84.92.1
```