Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8452
Views
1
Helpful
2
Replies

NAT overload from VRF to Global

Go to solution
Rasmus Kiilerich
Level 1
Level 1

‎05-27-2018 12:13 AM - last edited on ‎07-03-2023 03:23 AM by Community Manager

Hi

 

Im trying to make a setup where several VRF´s (In this case called guest) share a single internet connection. The internet connection are in the global routing table.

I have made the route in the VRF pointing to the internet

default gateway

and used the "global" keyword. Likewise I have also made

NAT

overload and marked interfaces with "inside" and "outside"

Any device connected to the

VRF guest

do get a IP from the dhcp and can

ping the default gateway

in the subnet (172.16.237.254) but no further.

 

Anyone knows what I´m doing wrong?

 

 

vrf definition guest
rd 234:432
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip dhcp pool guest
vrf guest
network 172.16.237.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
domain-name guest.int
default-router 172.16.237.254
!

interface GigabitEthernet9

description Internet

ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable

!
interface Vlan200
vrf forwarding guest
ip address 172.16.237.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!

ip nat inside source list guestSubnet interface GigabitEthernet9 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 192.168.1.1
ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global
!
ip access-list standard guestSubnet
permit 172.16.237.0 0.0.0.255

 

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎05-27-2018 04:43 AM - last edited on ‎07-03-2023 03:27 AM by Community Manager

Hello

 

ip nat

inside source list guestSubnet interface

GigabitEthernet9
vrf guest
ip route 172.16.237.0 255.255.255.0 vlan200

 

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎05-27-2018 10:46 AM - last edited on ‎07-03-2023 03:27 AM by Community Manager

Hello,

 

as an alternative to Paul's solution, you could also use the config below (changes marked in bold):

 

vrf definition guest
rd 234:432
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip dhcp pool guest
vrf guest
network 172.16.237.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
domain-name guest.int
default-router 172.16.237.254
!

interface GigabitEthernet9

description Internet

ip address 192.168.1.2 255.255.255.0
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable

!
interface Vlan200
vrf forwarding guest
ip address 172.16.237.254 255.255.255.0
ip nat enable

ip virtual-reassembly in
!
ip nat pool GUEST 192.168.1.2 192.168.1.2 prefix-length 24
ip nat source list guestSubnet pool GUEST vrf guest overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 192.168.1.1
ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global
!
ip access-list standard guestSubnet
permit 172.16.237.0 0.0.0.255

View solution in original post

2 Replies 2

Go to solution
paul driver
VIP
VIP

‎05-27-2018 04:43 AM - last edited on ‎07-03-2023 03:27 AM by Community Manager

Hello

 

ip nat

inside source list guestSubnet interface

GigabitEthernet9
vrf guest
ip route 172.16.237.0 255.255.255.0 vlan200

 

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎05-27-2018 10:46 AM - last edited on ‎07-03-2023 03:27 AM by Community Manager

Hello,

 

as an alternative to Paul's solution, you could also use the config below (changes marked in bold):

 

vrf definition guest
rd 234:432
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip dhcp pool guest
vrf guest
network 172.16.237.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
domain-name guest.int
default-router 172.16.237.254
!

interface GigabitEthernet9

description Internet

ip address 192.168.1.2 255.255.255.0
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable

!
interface Vlan200
vrf forwarding guest
ip address 172.16.237.254 255.255.255.0
ip nat enable

ip virtual-reassembly in
!
ip nat pool GUEST 192.168.1.2 192.168.1.2 prefix-length 24
ip nat source list guestSubnet pool GUEST vrf guest overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 192.168.1.1
ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global
!
ip access-list standard guestSubnet
permit 172.16.237.0 0.0.0.255
Customers Also Viewed These Support Documents