Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT between 2 VRF instances

On my cisco 7201 I have 2 separate networks connected to it using vlan subinterfaces of G0/0. Each network is confined to its vrf instance. Now I need to add a server that should be accessible from both and does not break the separation. I thought that the NAT would be the most logical solution but having hard time making it work.

This whitepaper almost exactly repeats a config I have been working on with the exception of vlan subinterfaces that I use. The problem starts when I send packets to a NAT-enabled interface: they are not being transfered to a corresponding interface. Debug ip nat registers a translation but as far as my monitoring of egress port goes there is not a packet going from there. Is it me being dumb or a hard/software fault.

If my memory serves me correctly I have 12.4XD10 advipservice firmware. Sorry for not showing you any configs, it's a production router and I was able to play with it for a very limited time and didn't think about storing any samples.

Hall of Fame Super Silver

Re: NAT between 2 VRF instances

Hello Victor,

use the following as a reference

but be aware of the following restriction

Restrictions for Integrating NAT with MPLS VPNs

Inside VPN to VPN with NAT is not supported.

You should have the server connected to a third link see Figure 1

Hope to help


New Member

Re: NAT between 2 VRF instances

Thanks Giuseppe

The link you gave helped big deal. It appeared that vrf routing table did not point to the address where the server resides. Now everyting works as it should.