VRF and static NAT

Answered Question
Feb 19th, 2010
User Badges:

Hello,


I want to do a translation on the ip destination. The host on the network 192.168.2.0/24 must ping the host  192.168.20.100 with the address 192.168.2.100.

The configuration is ok when there is no VRF. But when I setup VRF, there is no translation.Debug ip nat  and ip nat vrf  doesn’t  show anything, can you help me? Thanks.


This configuration is ok,  when a host on the network 192.168.2.0/24 pings ip address 192.168.2.100, icmp messages go to 192.168.20.100:


interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly


ip nat inside source static 192.168.20.100 192.168.2.100



This configuration doesn't work:


ip vrf forwarding
!
ip vrf  AZE


interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding AZE
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200


ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf ok


interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly


ip nat inside source static 192.168.20.100 192.168.2.100 vrf AZE

Correct Answer by Lei Tian about 7 years 4 months ago

Hi Hache,


Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias


HTH,


Lei Tian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Lei Tian Sat, 02/20/2010 - 12:40
User Badges:
  • Cisco Employee,

Hi Hache,


Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias


HTH,


Lei Tian

19652010Z Sun, 02/21/2010 - 00:33
User Badges:

Hi Lie,


I looked bad on cisco.com, I did not find this explanation, thank you for your response it's ok.


Regards,


Hachesse

Actions

This Discussion