Buy or Renew
Buy or Renew
Notice: The file download function is disabled. We apologize for the inconvenience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
5
Helpful
5
Replies

Problem from VRF Global to VRF Internet Natting

ranjit123
Level 3
Level 3

‎07-03-2017 02:46 AM - edited ‎03-05-2019 08:47 AM

Hello All,

I have the below issue

I have a lan interface which is part of VRF global 

interface GigabitEthernet0/0

ip address

ip nat inside

and WAN interface which is part of another VRF and has a public IP

interface gi0/1

 ip vrf forwarding internet 

ip address public IP

ip nat outside

Also i have configured nat overload on this WAN interface as below

ip nat inside source list <name> interface GigabitEthernet0/1 overload

and done inter vrf routing

when i trace from the router for the IP's added in the source-list the trace works fine

 

but when i do a telnet on port 80 the IP's listed in the source list the port does not open and ICMP does not work.. ( these are working from internet)

Also i see hits in the nat translation table as below

router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp <IP>:49154 <IP>:49154 <IP>:33434 1<IP>:33434
udp <IP>:49155 <IP>:49155 <IP>:33435 <IP>33435
udp <IP>:49156 1<IP>:49156 <IP>:33436 <IP>:33436 
udp <IP>:49157 <IP>:49157 <IP>:33437 <IP>:33437
udp <IP>:49158 1<IP>:49158 <IP>:33438 <IP>:33438

Because of which the natting is not working... i also tried NAT NVI but it also does not work..

Any workaround..

Regards,

Ranjit

Labels:
0 Helpful
5 Replies 5

Julio E. Moisa
VIP Alumni
VIP Alumni

‎07-03-2017 04:38 AM

Hi

Usually the Internet is handled by the global table, are you using VRF for the Internet as well? are you importing the route-targets into each other, you could see if the data VRF subnets are into the Internet VRF. 

And if your G0/1 is configured to be part of a VRF, the NAT should be configured as well.

ip nat inside source list 1 interface g0/1  vrf internet 

But I dont remember if it is supported for overload. 

Usually to get Internet access through the global (global is not part of any VRF) for your VRF, you should configure:

ip route vrf VRF-NAME 0.0.0.0 0.0.0.0 GigabitEthernet 0/1 <The IP of the next hop> global




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

ranjit123
Level 3
Level 3
In response to Julio E. Moisa

‎07-03-2017 04:40 AM

Hello julio can you please provide me ur email ID..

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to ranjit123

‎07-03-2017 04:46 AM

Hi

You can contact me through ju.mois78@gmail.com




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

ranjit123
Level 3
Level 3
In response to Julio E. Moisa

‎07-03-2017 04:48 AM

thanks

0 Helpful

Drake22x
Level 1
Level 1
In response to ranjit123

‎07-03-2017 08:38 AM

It does support overload, so I think you just need:

ip nat inside source list <name> int gi0/1 vrf internet overload

ip route vrf internet 0.0.0.0 0.0.0.0 gi0/1 <gateway ip>

as Julio suggested

0 Helpful
Customers Also Viewed These Support Documents