I am trying to great static port NATs via netconf. Below is what I am sending to the device. I made this using yangsuite, but and using ncclient to send teh configuration. The target device is a CSR1000v running 17.3.4a
<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<ip>
<nat xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-nat">
<inside>
<source>
<static>
<nat-static-transport-list-with-vrf>
<local-ip>10.1.1.1</local-ip>
<global-ip>75.1.1.1</global-ip>
<vrf>123abc-aaa</vrf>
<proto>tcp</proto>
<local-port>389</local-port>
<global-port>389</global-port>
<extendable/>
</nat-static-transport-list-with-vrf>
</static>
</source>
</inside>
</nat>
</ip>
</native>
</config>
When I send this to the candidate data store I get an OK back Whenever trying to commit I get the following error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/seth/dev-projects/automate-nat-config/lib/python3.9/site-packages/ncclient/manager.py", line 246, in execute
return cls(self._session,
File "/Users/seth/dev-projects/automate-nat-config/lib/python3.9/site-packages/ncclient/operations/edit.py", line 170, in request
return self._request(node)
File "/Users/seth/dev-projects/automate-nat-config/lib/python3.9/site-packages/ncclient/operations/rpc.py", line 375, in _request
raise self._reply.error
ncclient.operations.rpc.RPCError: inconsistent value: Device refused one or more commands
From the router CLI I can also see this log:
*Apr 5 13:16:12.452: %DMI-4-CLI_ROLLBACK_WARN: R0/0: dmiauthd: CLI rollback warning: tid (1206): no ip nat inside source static 10.1.1.1 75.1.1.1 vrf 123abc-aaa.
Anyone familiar with configuring NAT this way via netconf? Or have any tips on troubleshooting to see exactly why this isn't working?