02-19-2010 10:36 AM - edited 03-04-2019 07:33 AM
Hello,
I want to do a translation on the ip destination. The host on the network 192.168.2.0/24 must ping the host 192.168.20.100 with the address 192.168.2.100.
The configuration is ok when there is no VRF. But when I setup VRF, there is no translation.Debug ip nat and ip nat vrf doesn’t show anything, can you help me? Thanks.
This configuration is ok, when a host on the network 192.168.2.0/24 pings ip address 192.168.2.100, icmp messages go to 192.168.20.100:
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly
ip nat inside source static 192.168.20.100 192.168.2.100
This configuration doesn't work:
ip vrf forwarding
!
ip vrf AZE
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding AZE
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly
ip nat inside source static 192.168.20.100 192.168.2.100 vrf ok
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly
ip nat inside source static 192.168.20.100 192.168.2.100 vrf AZE
Solved! Go to Solution.
02-20-2010 12:40 PM
Hi Hache,
Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router
arp vrf AZE 192.168.2.100 fa0/0_mac ARPA alias
HTH,
Lei Tian
02-20-2010 12:40 PM
Hi Hache,
Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router
arp vrf AZE 192.168.2.100 fa0/0_mac ARPA alias
HTH,
Lei Tian
02-21-2010 12:33 AM
Hi Lie,
I looked bad on cisco.com, I did not find this explanation, thank you for your response it's ok.
Regards,
Hachesse
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide