VRF Internet Scenario

We have a problem installing Internet via VRF. I have a problem with the NAT, and the real IP address will be put as a loopback or secondary address. We tried both. The real IP address is pingable from the internet. The problem is that our LAN cannot go out to the internet but can reach the branches. Kindly find my config below:

!

interface GigabitEthernet0/1

description Main-Conn

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.650

description VPN

encapsulation dot1Q 650

ip address 172.17.24.252 255.255.255.248

!

interface GigabitEthernet0/1.750

description Internet

encapsulation dot1Q 750

ip vrf forwarding internet

ip address 172.17.25.214 255.255.255.252

!

interface GigabitEthernet0/0

description LAN

ip address 192.168.201.0 255.255.255.0

duplex auto

speed auto

!

!

ip route 192.168.100.0 255.255.255.0 172.17.24.249

ip route 192.168.101.0 255.255.255.0 172.17.24.249

ip route 192.168.102.0 255.255.255.0 172.17.24.249

ip route 192.168.103.0 255.255.255.0 172.17.24.249

ip route 192.168.122.0 255.255.255.0 172.17.24.249

ip route 192.168.202.0 255.255.255.0 172.17.24.249

ip route 192.168.217.0 255.255.255.0 172.17.24.249

ip route 192.168.222.0 255.255.255.0 172.17.24.249 

ip route 192.168.230.0 255.255.255.0 172.17.24.249 

ip route 192.168.224.0 255.255.255.0 172.17.24.249

ip route 192.168.124.0 255.255.255.0 172.17.24.249

interface Loopback0

ip vrf forwarding internet

ip address 40.30.167.90 255.255.255.224

int Gi0/1.750

ip nat enable

int Gi0/0

ip nat enable

access-list 101 deny 192.168.201.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 101 permit 192.168.201.0 0.0.0.255 any

ip nat pool REAL 40.30.167.90 40.30.167.90 prefix-length 27

ip source nat inside list 101 pool REAL vrf internet overload

ip route vrf internet 0.0.0.0 0.0.0.0 172.17.25.213

!

2 Replies

John Blakley
VIP Alumni

Mohamed,

On your router, you'll need to create routes that allow the Internet vrf back into the global routing table. For example, try putting in:

ip route vrf Internet 192.168.230.0 255.255.255.0 global

A host in subnet 192.168.230.0 should be able to get to the internet. The problem is that you've created a separate routing table for your Internet connection, but it looks like all of your hosts are not in vrfs which are still a part of the global routing table.

HTH,

John


smehrnia
Level 7

Hi,

interface GigabitEthernet0/0

description LAN

ip address 192.168.201.0 255.255.255.0

duplex auto

speed auto

Did you put 192.168.201.0 255.255.255.0 as your interface's IP address on purpose?

I'm not sure, but shouldn't you create your VRF internet (ip vrf internet) globally too? Plus a route back to your LAN, as John said.

Please rate if it helped.

Soroush.

Hope it Helps!

Soroush.
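
The checks the two replies point at, as an added Python example (not code from the thread or from Cisco): a small linter over an IOS-style configuration that flags an interface address equal to its subnet's network address, a VRF used on an interface without an `ip vrf` definition, and a VRF with no `global` route back to a global-table subnet. The sample input is constructed by condensing the posted configuration, and the route form it looks for is the one written in John's reply.

```python
import ipaddress
import re

# Constructed sample: condensed from the configuration posted in the thread.
SAMPLE = """\
interface GigabitEthernet0/1.750
 ip vrf forwarding internet
 ip address 172.17.25.214 255.255.255.252
interface GigabitEthernet0/0
 ip address 192.168.201.0 255.255.255.0
interface Loopback0
 ip vrf forwarding internet
 ip address 40.30.167.90 255.255.255.224
ip route vrf internet 0.0.0.0 0.0.0.0 172.17.25.213
"""

def lint(config):
    """Return sorted findings for an IOS-style configuration string."""
    findings, defined, used, back_routes, global_nets = set(), set(), set(), [], []
    iface = vrf = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, vrf = m.group(1), None          # new interface: global until told otherwise
        elif m := re.match(r"ip vrf forwarding (\S+)", line):
            vrf = m.group(1)
            used.add(vrf)
        elif m := re.match(r"ip vrf (\S+)$", line):
            defined.add(m.group(1))
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            ifc = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            if ifc.network.prefixlen < 31 and ifc.ip == ifc.network.network_address:
                findings.add(f"{iface}: {ifc.ip} is the network address of {ifc.network}")
            if vrf is None:
                global_nets.append(ifc.network)
        elif m := re.match(r"ip route vrf (\S+) (\S+) (\S+)(.*)", line):
            if "global" in m.group(4).split():    # route that points back at the global table
                back_routes.append((m.group(1), ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")))
    for name in used:
        if name not in defined:
            findings.add(f"vrf {name}: used on an interface but never defined with 'ip vrf {name}'")
        for net in global_nets:
            if not any(v == name and net.subnet_of(r) for v, r in back_routes):
                findings.add(f"vrf {name}: no 'global' route back to {net}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

VRF names are compared exactly as written, so `Internet` and `internet` are treated as different VRFs by this check.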