07-22-2021 12:48 PM - edited 07-22-2021 01:26 PM
I have a hub-and-spoke internal network. Each spoke has an endpoint device with fixed IP settings that can't be configured. The hub is a Cisco Cat 9500. The spokes use a proprietary encryption device as a router, and it doesn't support NAT.
IP Address: 192.168.0.2 /24
Gateway: 192.168.0.1
There are multiple spokes, and the endpoints need to be reachable by a configurable server connected to the 9500. For proof of concept, I'm looking for a NAT solution where the server, which is in the global vrf, can have a host file with multiple unique entries for each spoke, and the 9500 can do inter-vrf NAT. There could be up to 10 spokes with the endpoints using the same IP addresses.
Trying something in an emulator, I got this:
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 vrf forwarding 100
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/0.101
 encapsulation dot1Q 101
 vrf forwarding 101
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/0.102
 encapsulation dot1Q 102
 vrf forwarding 102
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip nat inside
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip nat inside source static 192.168.0.2 192.168.1.3 vrf 100 extendable match-in-vrf
ip nat inside source static 192.168.0.2 192.168.1.4 vrf 101 extendable match-in-vrf
ip nat inside source static 192.168.0.2 192.168.1.5 vrf 102 extendable match-in-vrf
07-23-2021 01:10 AM
Hello
Your configuration doesn't look correct. The inside hosts with the same IP address, I assume, would be 192.168.0.2, and then your server, which is say 192.168.1.150, would reside in the global route table; as such you also wouldn't require the match-in-vrf.
Example:
ip nat inside source static 192.168.0.2 192.168.1.100 vrf 100
ip nat inside source static 192.168.0.2 192.168.1.101 vrf 101
ip nat inside source static 192.168.0.2 192.168.1.102 vrf 102
! 192.168.1.x in the routes below = global next hop ip address
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 192.168.1.x
ip route vrf 100 0.0.0.0 0.0.0.0 FastEthernet1/0 192.168.1.x global
ip route vrf 101 0.0.0.0 0.0.0.0 FastEthernet1/0 192.168.1.x global
ip route vrf 102 0.0.0.0 0.0.0.0 FastEthernet1/0 192.168.1.x global
int fa1/0
 ip nat outside
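Added example, not part of either post: a small Python check that reads an IOS-style config and flags the points raised in the reply (no global-table interface marked `ip nat outside`, `match-in-vrf` on the static entries) plus translated addresses reused across spokes. The function name `lint`, the finding codes and the trimmed sample config are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: the NAT-relevant lines of the emulator config from the question.
SAMPLE = """\
interface FastEthernet0/0.100
 vrf forwarding 100
 ip nat inside
!
interface FastEthernet0/0.101
 vrf forwarding 101
 ip nat inside
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static 192.168.0.2 192.168.1.3 vrf 100 extendable match-in-vrf
ip nat inside source static 192.168.0.2 192.168.1.4 vrf 101 extendable match-in-vrf
"""

STATIC = re.compile(r"ip nat inside source static (\S+) (\S+)(?: vrf (\S+))?(.*)")

def lint(config):
    """Return (code, detail) findings for an inter-VRF static NAT config."""
    ifaces, statics, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC.fullmatch(line)
        if m:
            statics.append(m.groups())
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"vrf": None, "nat": None})
        elif line == "!":
            cur = None
        elif cur is not None and line.startswith("vrf forwarding "):
            cur["vrf"] = line.split()[2]
        elif cur is not None and line in ("ip nat inside", "ip nat outside"):
            cur["nat"] = line.split()[2]
    findings = []
    # The server-facing interface sits in the global table and must be the NAT outside.
    if not any(i["vrf"] is None and i["nat"] == "outside" for i in ifaces.values()):
        findings.append(("no-global-outside", "no global-table interface has 'ip nat outside'"))
    inside_vrfs = {i["vrf"] for i in ifaces.values() if i["nat"] == "inside"}
    for local, glob, vrf, opts in statics:
        if vrf is not None and vrf not in inside_vrfs:
            findings.append(("vrf-no-inside", f"vrf {vrf} has no 'ip nat inside' interface"))
        if "match-in-vrf" in opts.split():  # per the reply: not needed with a global-table server
            findings.append(("match-in-vrf", f"{glob}: not needed when the peer is in the global table"))
    # Overlapping local addresses are expected; the translated addresses must be unique.
    for glob, n in Counter(s[1] for s in statics).items():
        if n > 1:
            findings.append(("dup-global", f"{glob} is used by {n} static entries"))
    return findings
```

Running `lint(SAMPLE)` reports the missing outside interface and both `match-in-vrf` entries; the same config with FastEthernet1/0 set to `ip nat outside` and `match-in-vrf` removed returns no findings.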