Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1282
Views
0
Helpful
2
Replies

Proxy arp not working on the nat outside interface (participating in a VRF)

kshivm@amazon.com
Level 1
Level 1

‎01-26-2021 10:45 PM

 

My Router is not making the acting as a Proxy for the ARP requests for the NATted IP's on the NAT oustide intterface. Here's the interface config :

 

ISR#sh run int fa0/0.101
Building configuration...

Current configuration : 169 bytes
!
interface FastEthernet0/0.101
 encapsulation dot1Q 101
 ip vrf forwarding Hydrol
 ip address 192.168.101.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
end

 

Interface FastEthernet0/0 is connected to another router which is the gateway for Vlan101 and has the IP: 192.168.101.1

ISR#sh run int vlan444
Building configuration...

Current configuration : 156 bytes
!
interface Vlan444
 ip vrf receive Hydrol
 ip address 11.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map VRF_TO_GLOBAL
end

Router is doing following NAT:

ip nat inside source static 11.0.0.3 192.168.101.36

Routing is setup fine, and 11.0.0.3 should be able to ping 192.168.101.1. ICMP Packet reaches till the gateway - but when the gateway tries to ARP for 192.168.101.36 , the NAT router does not respond to the ARP request. I've tried manually entering ip-proxy arp on the interface, but it has not effect because it is a default command.

When i manually enter a static ARP entry for 192.168.101.36 on the gateway device - pointing to the NAT outside interface MAC address- everything works as expected.

I've tried multiple router series (3945,4500,IR) to do the NAT function with the similar config/setup - and i saw this issue on all series So i'm sure it's a config issue - not the device issue.

Is there something more to be done when the NAT outside interface is in a VRF - to make the proxy-arp work

Please help !

Labels:
0 Helpful
2 Replies 2

JimWicks
Level 1
Level 1

‎03-07-2022 05:09 AM

try tagging your NAT statement with the VRF, something like the following

 

ip nat inside source static 11.0.0.3 192.168.101.36 vrf Hydrol

0 Helpful

paul driver
VIP
VIP

‎03-07-2022 08:22 AM - edited ‎03-07-2022 08:23 AM

Hello
Try using NVI nat (domianless nat) and also check your vrf table for default route 

sh ip route vrf Hydrol

Int fa0/0.1.01
no ip nat outside
ip nat enable

int vlan 44
no ip nat inside
ip nat enable

ip nat source static 11.0.0.3 192.168.101.36
ip route vrf Hydrol 0.0.0.0 0.0.0.0 fa0/0.101 192.168.101.x


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card