Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
0
Helpful
2
Replies

NAT in VRF over ASR router

e.ciollaro
Level 4
Level 4

‎02-07-2016 06:40 AM - edited ‎03-05-2019 03:17 AM

Hi experts,

I have to configure an ASR router for VRF Lite; WAN and LAN interfaces will be configured with logical interface associated with specific VLAN; each subinterface will be associated to a VRF instance and routing based on MP-BGP (NO MPLS). Traffic for one of these VRF/VLAN require static NAT for an entire network; is there any issue to consider  or it's just a standard NAT as if it ware in global routing table ?

Labels:
0 Helpful
2 Replies 2

loris.marcellini
Level 1
Level 1

‎02-07-2016 01:10 PM

Hello e.ciollaro,

it looks like you need a tipical VRF-aware NAT integration.

I don't know why you are using or trying to use the MP-BGP without MPLS, but I think the following could be a solution to be applied in a VRF-lite environment using an "egress NAT Router":

vrf definition OUT
vrf definition IN
!

!

int fa0/0
description To Layer 2 point
no shut
!
int fa0/0.10
description Link To ISP
enc dot1q 10
vrf forwarding OUT
ip add 10.0.10.1 255.255.255.252
ip nat outside

!
int fa0/0.20
description Link To LAN
enc dot1q 20
vrf forwarding IN
ip add 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat pool PUBLIC-IP 100.100.100.0 100.100.100.10 netmask 255.255.255.0
ip nat inside source list NAT pool PUBLIC-IP vrf IN overload
!
ip route vrf OUT 0.0.0.0 0.0.0.0 10.0.10.2 name Default_via_ISP
ip route vrf IN 0.0.0.0 0.0.0.0 FastEthernet0/0.10 10.0.10.2 name Route_Leaking_NAT
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any

!

router bgp 12345

!

neighbor 2.2.2.2 remote-as 12345

!
address-family ipv4 unicast vrf IN
network 0.0.0.0
redistribute connected
exit address-family

...

...

I'm sorry if something is missing, it's a hand-made config...


"is there any issue to consider  or it's just a standard NAT as if it ware in global routing table ?"

the solution requires the Route_Leaking betwenn the VRF (static route) so that the traffic can flows across the network, reaching the Egress Router and passing through the Inside to the Outside matching the NAT condition.

Hope it will helps.

L.

0 Helpful

e.ciollaro
Level 4
Level 4
In response to loris.marcellini

‎02-09-2016 12:12 AM

Hi Loris

first of all thank you for your replay.

The scenario is slightly different: outside and inside interf has the same VRF (so no route leaking) and, one of this VRF requires NAT from outside to inside. It's just a straightforward config but I never did on ASR; my concerning was about implementing it on ASR  insted of  ISR but, as  I can see form you config, it's exactly the same.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card