×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CGN in CRS with two VRFs no Work

Unanswered Question
Aug 8th, 2014
User Badges:

we want separate the traffic depending on source, for this theme use two vrf (NAT1 and NAT2) and one cgn service, now we have ok the config for NAT 1 but the config NAT2 no is ok, no generate translations, someone have some idea of my error.

Config.

vrf NAT

address-family ipv4 unicast

  import route-target

   27995:100

  !

  export route-target

   27995:100

¡

vrf NAT2

address-family ipv4 unicast

  import route-target

   27995:102

  !

  export route-target

   27995:102

 

hw-module service cgn location 0/3/CPU0

hw-module service cgn location 0/4/CPU0

 

ipv4 access-list ABF-NAT

1 permit ipv4  10.203.191.161 0.0.0.0 any nexthop1 vrf NAT2 ipv4 192.168.208.134

2 permit ipv4 10.204.226.111 0.0.0.0 any nexthop1 vrf NAT2 ipv4 192.168.208.134

10 permit ipv4 10.0.0.0 0.255.255.255 any nexthop1 vrf NAT ipv4 192.168.208.34

20 permit ipv4 any any

!

ipv4 access-list ServiceInfraFilter

100 permit ipv4 host 192.168.208.41 any

101 permit ipv4 host 192.168.208.42 any

!

ipv4 access-list ServiceInfraFilter2

100 permit ipv4 host 192.168.208.45 any

101 permit ipv4 host 192.168.208.46 any

 

interface ServiceApp1

description Private Inside Interface

vrf NAT

ipv4 address 192.168.208.33 255.255.255.252

service cgn NAT service-type nat44

!

interface ServiceApp10

description Public Outside Interface

ipv4 address 192.168.208.37 255.255.255.252

service cgn NAT service-type nat44

 

interface ServiceApp2

description Private Inside Interface

vrf NAT2

ipv4 address 192.168.208.133 255.255.255.252

service cgn NAT service-type nat44

 

interface ServiceApp20

description Public Outside Interface

ipv4 address 192.168.208.137 255.255.255.252

service cgn NAT service-type nat44

!

interface ServiceInfra1

ipv4 address 192.168.208.41 255.255.255.252

service-location 0/3/CPU0

ipv4 access-group ServiceInfraFilter egress

!

interface ServiceInfra2

ipv4 address 192.168.208.45 255.255.255.252

service-location 0/4/CPU0

ipv4 access-group ServiceInfraFilter2 egress

!

router static

address-family ipv4 unicast

  100.100.100.0/24 ServiceApp10

  100.119.0.0/17 ServiceApp10

  100.119.128.0/17 ServiceApp20

!

vrf NAT

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp1

   10.0.0.0/8 vrf default TenGigE0/0/0/0 192.168.205.1

   10.0.0.0/8 vrf default TenGigE0/0/0/5 192.168.205.5

 

vrf NAT2

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp2

   10.0.0.0/8 vrf default TenGigE0/0/0/0 192.168.205.1

   10.0.0.0/8 vrf default TenGigE0/0/0/5 192.168.205.5

 

service cgn NAT

service-location preferred-active 0/3/CPU0 preferred-standby 0/4/CPU0

service-type nat44 NAT44 

inside-vrf NAT

   map address-pool 100.119.0.0/17

  inside-vrf NAT2

   map address-pool 100.119.128.0/17

Regards

Ruben

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion