
outside NAT with overlapping IPs in VRFs

Peter Zsiros
Level 1

Hi,

I have 10.10.10.10 in 2 VRFs (lite) on 2 different VLANs.

What I would like to achieve:

- If I connect to 172.16.7.125 in the global VRF, then translate it to the VRF1 10.10.10.10 destination address.
- If I connect to 172.16.3.162 in the global VRF, then translate it to the VRF2 10.10.10.10 destination address.

IMHO the solution is quite simple:
ip nat outside source static 10.10.10.10 172.16.7.125 vrf VRF1

ip nat outside source static 10.10.10.10 176.16.3.162 vrf VRF2

However the router thinks something else:

R1(config)# ip nat outside source static 10.10.10.10 172.16.7.125 vrf VRF1

R1(config)# ip nat outside source static 10.10.10.10 176.16.3.162 vrf VRF2
% 10.10.10.10 already mapped (172.16.7.125 -> 10.10.10.10)

IMHO this configuration should be valid. The global VRF has two IPs (172.16.7.125 and 172.16.3.162) while the 2 other VRFs work happily with the two identical 10.10.10.10 destinations as they should. The two translations should be easily distinguished as these are from two different VRFs.

Either I am missing something or it is a problem in IOS.

IOS is 12.4(25f)

HW is 3845

Let me know your thoughts.

Thx,

peter

1 Reply

Hello peter,

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-match-vrf.html#GUID-B856FC56-96CD-4F7E-B38C-24329D11FACD

ip nat inside source static local-ip global-ip [vrf vrf-name [match-in-vrf]]


Example:

Router(config)# ip nat inside source static 10.10.10.1 172.16.131.1 vrf vrf1 match-in-vrf

Establishes static translation between an inside local address and an inside global address.
  • The match-in-vrf keyword enables NAT inside and outside traffic in the same VRF.

Please rate helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
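The `ip nat inside source static ... vrf` form from the reply, applied to the addresses in the question. This is an added example, not configuration from either poster, and it has not been tested on the IOS release mentioned above. Interface names, VLAN IDs, the 10.10.10.1 gateway addresses and the 192.0.2.1 next hop are placeholders. `match-in-vrf` is omitted because the outside side here is the global table rather than the same VRF.

```cisco
! Global-table side: clients connect to 172.16.7.125 / 172.16.3.162 from here
interface GigabitEthernet0/0
 description global routing table (placeholder interface name)
 ip nat outside
!
! VRF1 side: host 10.10.10.10 lives on this VLAN (placeholder VLAN 10)
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding VRF1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
! VRF2 side: the overlapping host 10.10.10.10 (placeholder VLAN 20)
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding VRF2
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
! Same inside local address twice, told apart by the vrf keyword.
! Each VRF host is presented to the global table under its own address.
ip nat inside source static 10.10.10.10 172.16.7.125 vrf VRF1
ip nat inside source static 10.10.10.10 172.16.3.162 vrf VRF2
!
! Return path: each VRF needs a route back toward the global table.
! 192.0.2.1 is a placeholder next hop reachable in the global table.
ip route vrf VRF1 0.0.0.0 0.0.0.0 192.0.2.1 global
ip route vrf VRF2 0.0.0.0 0.0.0.0 192.0.2.1 global
```

`show ip nat translations vrf VRF1` and `show ip nat translations vrf VRF2` list the entries per VRF, which is the quickest way to confirm that each global address maps into the intended VRF and that traffic is not crossing between the two.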