Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4838
Views
4
Helpful
32
Replies

Routing global routing to VRF in NAT rules

piwale7827
Level 1
Level 1

‎11-15-2023 05:45 AM - edited ‎11-20-2023 05:12 AM

Hi there!

So i recently got a new task regarding our new CISCO ISR4331 IOS-XE.

My Router is built in a way that it has 2 interfaces,

1. GigabitEthernet0/0/0 - WAN Interface which uses the global routing table.

2. GigabitEthernet0 - (MGMT) LAN Interface which uses the default VRF called Mgmt-Intf

The Second interface is connected to my private network and it has the IP of 192.168.100.200,

I need to be able to Port forward using NAT rules and Routes a port from my WAN interface with a public IP and a specific port to port 80 to some other IP on my LAN - 192.168.100.10.

Ofcourse i tried some stuff like:

 

 

 

 

 

ip nat inside source static tcp 192.168.100.10 80 X.X.X.X 4848 extendable

 

 

 

 

 

 Which didnt work when i tried to connect to X.X.X.X on port 4848... after some debugging i noticed that it didnt have a route to the VRF interface (i understand that if an interface is in VRF then the router does'nt actually know its there and it must have a route) so i added one this way:

 

 

 

 

 

ip route 192.168.100.0 255.255.255.0 GigabitEthernet0

 

 

 

 

 

Where Gig0 is the interface that is in the VRF, also tried with the actual IP of the interface but to no avail...

Do you guys have any idea what is happening here?

Other than that, the cisco is pretty much in "default configuration" it does'nt have any special ACL's or something.

 

Latest Update:

Looks like after some digging the problem is not related to VRF or anything like that, more on that topic here.

Every help is appreciated!

Thank you for your help in advance! 

Labels:
0 Helpful
32 Replies 32

Kanan Huseynli
VIP
VIP
In response to piwale7827

‎11-17-2023 01:23 PM

Leaking here is done via static route in VRF table which points nexthop from global routing table (it is global to vrf leaking), you dont need leak route from VRF to global, because you have WAN in global and NAT there.

Can you share interface configs, show run | sec nat and show ip route vrf Mgmt-intf outputs?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

piwale7827
Level 1
Level 1
In response to Kanan Huseynli

‎11-16-2023 03:33 AM

Well i tried what you suggested...

And it didnt work, i tried running 

# sh ip nat statistics

 and this was the output... 0 misses and 0 hits... like the NAT rule didnt even match anything..

#sh ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 1 extended)
Outside interfaces:
  GigabitEthernet0/0/0
Inside interfaces: 
  GigabitEthernet0
Hits: 0  Misses: 0
Expired translations: 0
Dynamic mappings:
nat-limit statistics:
 max entry: max allowed 0, used 0, missed 0
In-to-out drops: 0  Out-to-in drops: 0
Pool stats drop: 0  Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
0 Helpful

Kanan Huseynli
VIP
VIP
In response to piwale7827

‎11-20-2023 11:12 PM

I asked for configuration, can you provide it?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents