
Inside VRF to Outside VRF NAT

extremal.v
Level 1

Hi! 

I have a problem with VRF NAT translations.

We have a Cisco 1111 router with the following configuration:

ip vrf WILDNET

ip vrf WILDNET_PT

ip vrf WILDNET_TM

interface GigabitEthernet0/0/0
description outside
ip vrf forwarding WILDNET
ip address 1.1.1.10 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat outside
negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.3001
description description wildnet_UT
encapsulation dot1Q 3001
ip vrf forwarding WILDNET
ip address 2.2.2.2 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
!
interface GigabitEthernet0/0/1.3005
description wildnet_KL
encapsulation dot1Q 3005
ip vrf forwarding WILDNET
ip address 3.3.3.3 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
!
interface GigabitEthernet0/0/1.3009
description wildnet_TM
encapsulation dot1Q 3009
ip vrf forwarding WILDNET_TM
ip address 4.4.4.4 255.255.255.192
no ip redirects
no ip proxy-arp
ip nat inside
!
interface GigabitEthernet0/0/1.3013
description wildnet_PT
encapsulation dot1Q 3013
ip vrf forwarding WILDNET_PT
ip address 5.5.5.5 255.255.255.192
no ip redirects
no ip proxy-arp
ip nat inside

ip nat inside source list WILDNET-NAT interface GigabitEthernet0/0/0 vrf WILDNET overload

ip nat inside source list WILDNET_PT-NAT interface GigabitEthernet0/0/0 vrf WILDNET overload
ip nat inside source list WILDNET_TM-NAT interface GigabitEthernet0/0/0 vrf WILDNET overload

ip route vrf WILDNET 0.0.0.0 0.0.0.0 1.1.1.1
ip route vrf WILDNET_PT 0.0.0.0 0.0.0.0 1.1.1.1
ip route vrf WILDNET_TM 0.0.0.0 0.0.0.0 1.1.1.1


ip access-list extended WILDNET-NAT
10 permit ip 2.2.2.0 0.0.0.255 any
20 permit ip 3.3.3.0 0.0.0.255 any
ip access-list extended WILDNET_PT-NAT
10 permit ip 4.4.4.0 0.0.0.63 any
ip access-list extended WILDNET_TM-NAT
10 permit ip 5.5.5.0 0.0.0.63 any

So the problem is that we have several different inside VRFs that I need to NAT into one outside VRF.

There is no problem translating VRFs which are in the same VRF as the outside interface.

But when I try to make a NAT translation rule for the different VRFs, nothing works.

I found some examples with several VRFs, but they were NAT translations into the global interface.

So I am confused about which VRF I should define in the NAT rule in my case, and whether I need some kind of route leaking.

Thank you in advance!

 


Cristian Matei
VIP Alumni

Hi,

You need to use the VRF Aware Software Infrastructure NAT implementation. Here's an example that should help you fix your setup:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html

Thanks,

Cristian.

Hello,

The most simplistic solution for your topology would be to put the WAN interface into the global route table and then simply apply default static routes from each VRF to point to that global RIB interface and next hop.

Example:
no ip route vrf WILDNET 0.0.0.0 0.0.0.0 1.1.1.1
no ip route vrf WILDNET_PT 0.0.0.0 0.0.0.0 1.1.1.1

no ip route vrf WILDNET_TM 0.0.0.0 0.0.0.0 1.1.1.1

no ip nat inside source list WILDNET-NAT interface GigabitEthernet0/0/0 vrf WILDNET
no ip nat inside source list WILDNET_PT-NAT interface GigabitEthernet0/0/0 vrf WILDNET
no ip nat inside source list WILDNET_TM-NAT interface GigabitEthernet0/0/0 vrf WILDNET


interface GigabitEthernet0/0/0
description outside
no ip vrf forwarding WILDNET
ip address 1.1.1.10 255.255.255.0

ip nat inside source list WILDNET-NAT interface GigabitEthernet0/0/0 vrf WILDNET
ip nat inside source list WILDNET_PT-NAT interface GigabitEthernet0/0/0 vrf WILDNET_TM
ip nat inside source list WILDNET_TM-NAT interface GigabitEthernet0/0/0 vrf WILDNET_PT

ip route vrf WILDNET 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 global
ip route vrf WILDNET_PT 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 global
ip route vrf WILDNET_TM 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 global


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
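
A consistency check for the NAT rules discussed in this thread, as an added example (not code from either poster or from Cisco): it flags any `ip nat inside source list ... vrf ...` rule whose ACL sources are not behind an `ip nat inside` interface in the rule's VRF. It assumes indented sub-commands as in `show running-config` output; the names `blocks`, `mismatched_rules`, `BASE`, `NAT` and `QUESTION_RULES` are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample: the thread's inside subinterfaces and ACLs (trimmed), plus the question's NAT rules.
BASE = """\
interface GigabitEthernet0/0/1.3001
 ip vrf forwarding WILDNET
 ip address 2.2.2.2 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/1.3009
 ip vrf forwarding WILDNET_TM
 ip address 4.4.4.4 255.255.255.192
 ip nat inside
interface GigabitEthernet0/0/1.3013
 ip vrf forwarding WILDNET_PT
 ip address 5.5.5.5 255.255.255.192
 ip nat inside
ip access-list extended WILDNET-NAT
 10 permit ip 2.2.2.0 0.0.0.255 any
ip access-list extended WILDNET_PT-NAT
 10 permit ip 4.4.4.0 0.0.0.63 any
ip access-list extended WILDNET_TM-NAT
 10 permit ip 5.5.5.0 0.0.0.63 any
"""
NAT = "ip nat inside source list {} interface GigabitEthernet0/0/0 vrf {} overload\n"
QUESTION_RULES = "".join(NAT.format(a, "WILDNET") for a in ("WILDNET-NAT", "WILDNET_PT-NAT", "WILDNET_TM-NAT"))

def blocks(config, header):
    """Yield (name, body) for each block of indented lines under `header NAME`."""
    for m in re.finditer(rf"^{header} (\S+)\n((?: .*\n)*)", config, re.M):
        yield m.group(1), m.group(2)

def mismatched_rules(config):
    """List (acl, vrf, source) where no 'ip nat inside' interface in vrf holds source."""
    inside = {}  # VRF name (None = global table) -> networks on its 'ip nat inside' interfaces
    for _, body in blocks(config, "interface"):
        vrf = re.search(r"ip vrf forwarding (\S+)", body)
        addr = re.search(r"^ ip address (\S+) (\S+)", body, re.M)
        if addr and re.search(r"^ ip nat inside$", body, re.M):
            net = ipaddress.ip_network("/".join(addr.groups()), strict=False)
            inside.setdefault(vrf and vrf.group(1), []).append(net)
    acls = {name: [ipaddress.ip_network(f"{a}/{w}")  # wildcard (host mask) form is accepted
                   for a, w in re.findall(r"permit ip (\S+) (\S+) any", body)]
            for name, body in blocks(config, "ip access-list extended")}
    rules = re.findall(r"^ip nat inside source list (\S+) .*\bvrf (\S+)", config, re.M)
    return [(acl, vrf, str(src)) for acl, vrf in rules for src in acls.get(acl, [])
            if not any(src.overlaps(n) for n in inside.get(vrf, []))]

if __name__ == "__main__":
    print(mismatched_rules(BASE + QUESTION_RULES))
```

With the ACL-to-VRF pairing from the second reply substituted for `QUESTION_RULES`, the same check returns an empty list.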