I have two VRF. The first-one connected to Internet, the second-one to an inside LAN with private ip and NAT.

All works but, if I take away the green line, dns resolution doesn't work, every else is ok (tcp, ssh, icmp...). So I need to have two default gateway like in this configuration.

Can you tell me why? I tried this with old and new release of IOS (this is 15.1)

!

ip vrf reteesterna

rd 1000:100

route-target export 1200:120

route-target import 1201:121

!

ip vrf reteinterna

rd 1001:101

route-target export 1201:121

route-target import 1200:120

!

!

!

interface FastEthernet0/0

description --- rete interna ---

ip vrf forwarding reteinterna

ip address 192.168.88.1 255.255.255.0

ip nat enable

duplex auto

speed auto

!

interface FastEthernet0/1

description --- rete esterna ---

ip vrf forwarding reteesterna

ip address 82.85.14.104 255.255.255.224

ip nat enable

duplex auto

speed auto

!

router bgp 222

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf reteesterna

  no synchronization

  network 82.85.14.96 mask 255.255.255.224

exit-address-family

!

address-family ipv4 vrf reteinterna

  no synchronization

  network 192.168.88.0

exit-address-family

!

!

ip nat pool INTERNET 82.85.14.104 82.85.14.104 netmask 255.255.255.224

ip nat source list 112 pool INTERNET vrf reteinterna overload

ip route vrf reteesterna 0.0.0.0 0.0.0.0 82.85.14.97

ip route vrf reteinterna 0.0.0.0 0.0.0.0 82.85.14.97

!

access-list 112 permit ip 192.168.88.0 0.0.0.255 any

access-list 114 permit ip any any

!

!

regards

Gianrico Fichera

ITESYS SRL