Hello,
Question regarding NAT and VRF. We have a router with Gig0/1 facing the internet. Gig0/0.4091 is in a VRF for guest wireless. Gig0/0.2 is our private internal LAN. All interfaces described have "ip nat enable" on them.
Outbound from both the internal global and the internal public wifi vrf are workign properly.
What we want to do is allow a client in the public wifi network to be able to connect to a printer that's in the global routing table, but do so using a masked address so they don't know the real IP of the printer. The IP the client in the public wifi should connect to is 192.168.33.244 and that be NAT'd thru the router to host 192.168.50.227 in the global routing table.
interface GigabitEthernet0/1
ip address 123.123.11.2 255.255.255.224
ip access-group ACL-OUTSIDE-IN in
ip nat enable
ip inspect GIG0/1-INSPECT out
duplex auto
speed auto
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.50.1 255.255.255.0
ip flow egress
ip nat enable
interface GigabitEthernet0/0.4091
encapsulation dot1Q 4091
ip vrf forwarding GUEST-WIFI
ip address 192.168.33.1 255.255.255.0
ip flow egress
ip nat enable
ip nat pool IP-NAT-POOL-1 123.123.11.2 123.123.11.2 netmask 255.255.255.224
ip nat pool IP-NAT-POOL-3 123.123.11.8 123.123.11.8 netmask 255.255.255.224
ip nat source list IP-NAT-SOURCE-LIST-1 pool IP-NAT-POOL-1 overload
ip nat source list IP-NAT-SOURCE-LIST-3 pool IP-NAT-POOL-3 vrf GUEST-WIFI overload
***THIS IS THE STATIC NAT I'M TRYIGN TO PUT IN THAT DOESN'T WORK
ip nat source static 192.168.50.227 192.168.33.244 vrf WIFI-PUBLIC
So in summary, a client in the GUEST-WIFI vrf with an IP address of 192.168.33.100, I want it to print to IP address 192.168.33.244, the router picks up that request and NAT's it through to the global routing table to IP 192.168.50.227.
Thanks in advance for any assistance.