Problem with 3 WAN interfaces with implementing VRF

baskervi
Level 1

We have 3 WAN interfaces - a T1 for the public queries to our web and mail servers, and two cable connections for outbound web traffic. There are technically better solutions, but these were purchased for cost saving reasons, and I have to get it to work. I thought what I'd decide to do was to:

1) Split the router into two separate vrf implementations - one for the T1, and the other for load balancing the cable connections

2) Policy routing would be used to control traffic flow

3) Configure NAT on the appropriate outbound interfaces

4) Set up vrf route leaking so the two vrf implementations can see each other

The problem I'm having is that 66.210.189.13 is the gateway for our firewall, but this vrf router instance can't forward outbound web traffic to 66.210.189.15, which is the second vrf implementation. My understanding was that route leaking should be able to take care of this. I can ping the loopback interface that's bound to a different vrf rd, but I just can't get any traffic to flow from one Ethernet interface in one rd to the one in the other rd. Does anyone have an idea of what I might try to do? Thanks, and I've attached the configuration and routing tables.

Marwan ALshawi
VIP Alumni

Try to update your NATing to be VRF-aware as below:

ip nat inside source route-map COX_Inet interface FastEthernet0/1 vrf COX overload

See the link below for some understanding of the concepts, and ignore the VPN and MPLS parts:

https://supportforums.cisco.com/docs/DOC-8403

Hope this helps.
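
As an added example (not part of the original posts, and not the poster's attached configuration), the VRF-aware NAT suggestion above can be turned into a quick configuration check: the script flags `ip nat inside source` rules that lack a `vrf` keyword while a NAT inside interface sits in a VRF. The sample configuration, its addresses and rd value, and the function names are constructed for illustration; the check is a heuristic over IOS-style text.

```python
import re

# Constructed sample, not the poster's attached configuration.
SAMPLE_CONFIG = """\
ip vrf COX
 rd 65000:2
!
interface FastEthernet0/0
 ip vrf forwarding COX
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip vrf forwarding COX
 ip address dhcp
 ip nat outside
!
ip nat inside source route-map COX_Inet interface FastEthernet0/1 overload
"""


def vrf_nat_inside_interfaces(config):
    """Return {interface: vrf} for interfaces that are in a VRF and marked 'ip nat inside'."""
    found, name, vrf, inside = {}, None, None, False
    for line in config.splitlines() + ["!"]:  # trailing "!" flushes the last stanza
        header = re.match(r"interface (\S+)", line)
        if header or not line.startswith(" "):  # any top-level line ends the stanza
            if name and vrf and inside:
                found[name] = vrf
            name, vrf, inside = (header.group(1) if header else None), None, False
        elif name:
            stripped = line.strip()
            member = re.match(r"(?:ip )?vrf forwarding (\S+)", stripped)
            if member:
                vrf = member.group(1)
            elif stripped == "ip nat inside":
                inside = True
    return found


def non_vrf_aware_nat_rules(config):
    """List 'ip nat inside source' rules with no vrf keyword while VRF interfaces do NAT."""
    if not vrf_nat_inside_interfaces(config):
        return []
    return [line.strip() for line in config.splitlines()
            if line.startswith("ip nat inside source")
            and not re.search(r"\svrf \S+", line)]
```
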

This certainly makes sense, and I've modified the configuration. Just FYI, yesterday I configured the ASA to use .15 as the gateway, and NATing worked just fine as shown in the configuration. I still have the problem, though - I cannot ping 66.210.130.15 using "ping vrf MWC 66.210.130.15," although "ping vrf MWC 172.16.23.1" is successful. This leads me to a couple of other questions, the latter of which I'll post separately.

1) How do you look at the arp cache for a vrf configuration?

2) How do you telnet/ssh to a vrf interface to gain access to the router? Both fail currently.

Thanks for the reply on the NAT.

Marwan ALshawi
VIP Alumni

For telnet, depending on the IOS, you can specify the VRF or interface.

If you have out of band interface then just normal telnet

HTH

Please rate the helpful posts

Sent from Cisco Technical Support iPhone App
