I have somthing really strange on a 7301 PE router.
1 interface is in a vrf (gre tunnel)
1 interface to the mpls core
Routes are well exchanged.
I have ip nat inside on the vrf interface and ip nat outside on the mpls interface.
Customer range is natted with 1 ip address with overload
here is the strange thing :
When the customer want to surf to a site hosted at the other end of the mpls vpn, no problem, but if he want to connect via ftp, it doesn't work.
What I see is the following, the PE doesn't do the nat translation for port tcp/21 but well for all other port.
I see traffic at the other end of the vpn with private ip adresses as source that should be natted and are indeed natted for any other port using same source destination address.
Now for the funny part, if I do a show ip nat translation vrf xxx, I see the translation (very frustating), but it is not logged in the debug ip nat.
In summary, if the customer does :
telnet x.x.x.x 80 -> nat ok
telnet x.x.x.x 21 -> nat nok
I can post some of the debug/show ip nat and config if needed.
Thanks for your help.