VRF and static NAT

Answered Question
Feb 19th, 2010

Hello,

I want to do a translation on the ip destination. The host on the network 192.168.2.0/24 must ping the host  192.168.20.100 with the address 192.168.2.100.

The configuration is ok when there is no VRF. But when I setup VRF, there is no translation.Debug ip nat  and ip nat vrf  doesn’t  show anything, can you help me? Thanks.

This configuration is ok,  when a host on the network 192.168.2.0/24 pings ip address 192.168.2.100, icmp messages go to 192.168.20.100:

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100

This configuration doesn't work:

ip vrf forwarding
!
ip vrf  AZE

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding AZE
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200


ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf ok

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf AZE

Correct Answer by Lei Tian about 6 years 12 months ago

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Lei Tian Sat, 02/20/2010 - 12:40

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

19652010Z Sun, 02/21/2010 - 00:33

Hi Lie,

I looked bad on cisco.com, I did not find this explanation, thank you for your response it's ok.

Regards,

Hachesse

Actions

This Discussion

Related Content