cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1137
Views
0
Helpful
1
Replies

Reverse PAT ("opening ports") between VRF's and ISP with DHCP

2044418Puts
Level 1
Level 1

Hi,

Lets say I'm configuring a regular router that stands between an internal network and the Internet, but I would like the internal network to have its own VRF (INSIDE) and to have the Internet its own VRF (OUTSIDE).

Assuming that my WAN address is static (8.8.8.8) I would configure a PAT rule for incoming mail to mail server 10.10.10.10 like this:

ip nat inside source static tcp 10.10.10.10 25 8.8.8.8 25 vrf INSIDE extendable

Which works fine.

But how should I configure this if my WAN address is assigned by DHCP?

The command  "ip nat inside source static tcp 10.10.10.10 25 interface dialer0 25 vrf INSIDE" is not available.

Is this actually possible?

1 Reply 1

blau grana
Level 7
Level 7

Hi

I think that you do not have to include "vrf INSIDE" in second command to work. As you wrote that you put internet connection to VRF OUTSIDE, Dialer0 should be also in vrf OUTSIDE.

So this should work:

interface Dialer0

ip vrf forwarding OUTSIDE

ip nat  inside source static tcp 10.10.10.10 25 interface dialer0 25 - See more  at: https://supportforums.cisco.com/thread/2199150#sthash.B9OyuHXo.dpuf
ip nat  inside source static tcp 10.10.10.10 25 interface dialer0 25 - See more  at: https://supportforums.cisco.com/thread/2199150#sthash.B9OyuHXo.dpuf
ip nat  inside source static tcp 10.10.10.10 25 interface dialer0 25 - See more  at: https://supportforums.cisco.com/thread/2199150#sthash.B9OyuHXo.dpuf

ip nat inside source static tcp 10.10.10.10 25 interface Dialer0 25

If this for some reason will not work, I would suggest to leave internet in global table and configure portforward then.

Best Regards

Please rate helpful posts

Best Regards Please rate all helpful posts and close solved questions
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: