Re: Inter-VRF Port Forwarding

Cory Anderson · ‎10-24-2024

I have a scenario where there's a single router with a WAN interface using a front door VRF. The internal host 192.168.1.10 is a web server and I want to port forward port 8080 to port 80. I thought something like this would be okay, but I'm having no luck. Anybody know what I'm missing?

interface G0

ip vrf forwarding EXT_VRF

ip address negotiation

ip nat outside

interface vlan 10

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip nat inside source static tcp 192.168.1.10 80 interface g0 8080 vrf EXT_VRF

ip route 0.0.0.0 0.0.0.0 g0

ip route vrf EXT_VRF 192.168.1.10 255.255.255.0 vlan10

MHM Cisco World · ‎10-28-2024

What is router platform you use ?

MHM

Flavio Miranda · ‎10-28-2024

@Cory Anderson

You are using 192.168.10.1 on the interface vlan and 92.168.1.10 on the NAT and route. Which is which?

Cristian Matei · ‎10-29-2024

Hi,

Out of curiosity, for which specific scope you're using VRF lite? I don't know the entire router config, so there might be valid reasons, however, if it's not the case, ideally you should avoid such complications.

Now, moving to the presented challenge, a working config would be as follows:

interface G0
  ip vrf forwarding EXT_VRF
  ip address negotiation
  ip nat outside
!
interface vlan 10
  ip address 192.168.10.1 255.255.255.0
  ip nat inside
!
no ip route 0.0.0.0 0.0.0.0 g0
ip route 0.0.0.0 0.0.0.0 g0 NEXT-HOP-IP
ip route 192.168.1.0 255.255.255.0 Vlan10 NEXT-HOP-IP
!
no ip route vrf EXT_VRF 192.168.1.10 255.255.255.0 vlan10
ip route vrf EXT_VRF 192.168.1.10 255.255.255.0 vlan10 NEXT-HOP-IP global
ip route vrf EXT_VRF 0.0.0.0 0.0.0.0 g0 NEXT-HOP-IP
!
no ip nat inside source static tcp 192.168.1.10 80 interface g0 8080 vrf EXT_VRF
ip nat inside source static tcp 192.168.1.10 80 interface g0 8080

Best,

Cristian.