Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
923
Views
0
Helpful
1
Replies

VRF Nat

rupert.finnigan
Level 1
Level 1

‎10-06-2010 02:04 PM - edited ‎03-04-2019 10:01 AM

Hi All,

Got a bit of a problem that I'm trying to over-come. Maybe I'm approaching this problem from the wrong stand-point, but to be honest this is a bit beyond my knowledge level and I'm struggling a bit!

I've got a 2821 router, with two "public" connections from two seperate ISPs. I've put each connection into a seperate VRF, and left the global table as our internal address space. So, in brief:

Global Table - 172.21.0.0 255.255.0.0

VRF_ZEN_SDSL - 82.X.X.168 255.255.255.248

VRF_BTNET_FIBRE - 194.X.X.160 255.255.255.224

I've create a couple of IPSEC tunnels, with the tunnel interface originating in the Global table, and the tunnel using source interfaces in each of the VRFs. This works, ospf talks across the tunnels, traffic flows, and all is well.

However... I'm stuck with it comes to NAT. I'm trying to do general NATing for addresses in the global table (172.21....) to an address in the ZEN vrf (say, 82.X.X.174), and also static NATing for ports to makes services on 172.21 addresses available at an IP in the BT vrf. (Exchange OWA, HTTP and SSL etc for example).

Firstly, am I making this far too complicated, and secondly, can anyone point me in the right direction to making this work? Most of the literature out there deals with NATing addresses from within the VRF to an IP in the global table, whereas I'm trying to achieve the opposite!

Many Thanks for any help/advise in advance.

Regards,

Rupes

Labels:
0 Helpful
1 Reply 1

Robert Taylor
Cisco Employee
Cisco Employee

‎10-11-2010 02:27 PM

Can I ask why you chose to use different vrfs for your ISP connections?  Thats definitely something new to me.  Would like to hear the design challenge/requirements that led to you choosing that.

I dont know if we support vrf aware nat in this capacity, but I can check in to it a little more.

Rob

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card