Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CGN in CRS with two VRFs no Work

we want separate the traffic depending on source, for this theme use two vrf (NAT1 and NAT2) and one cgn service, now we have ok the config for NAT 1 but the config NAT2 no is ok, no generate translations, someone have some idea of my error.

Config.

vrf NAT

address-family ipv4 unicast

  import route-target

   27995:100

  !

  export route-target

   27995:100

¡

vrf NAT2

address-family ipv4 unicast

  import route-target

   27995:102

  !

  export route-target

   27995:102

 

hw-module service cgn location 0/3/CPU0

hw-module service cgn location 0/4/CPU0

 

ipv4 access-list ABF-NAT

1 permit ipv4  10.203.191.161 0.0.0.0 any nexthop1 vrf NAT2 ipv4 192.168.208.134

2 permit ipv4 10.204.226.111 0.0.0.0 any nexthop1 vrf NAT2 ipv4 192.168.208.134

10 permit ipv4 10.0.0.0 0.255.255.255 any nexthop1 vrf NAT ipv4 192.168.208.34

20 permit ipv4 any any

!

ipv4 access-list ServiceInfraFilter

100 permit ipv4 host 192.168.208.41 any

101 permit ipv4 host 192.168.208.42 any

!

ipv4 access-list ServiceInfraFilter2

100 permit ipv4 host 192.168.208.45 any

101 permit ipv4 host 192.168.208.46 any

 

interface ServiceApp1

description Private Inside Interface

vrf NAT

ipv4 address 192.168.208.33 255.255.255.252

service cgn NAT service-type nat44

!

interface ServiceApp10

description Public Outside Interface

ipv4 address 192.168.208.37 255.255.255.252

service cgn NAT service-type nat44

 

interface ServiceApp2

description Private Inside Interface

vrf NAT2

ipv4 address 192.168.208.133 255.255.255.252

service cgn NAT service-type nat44

 

interface ServiceApp20

description Public Outside Interface

ipv4 address 192.168.208.137 255.255.255.252

service cgn NAT service-type nat44

!

interface ServiceInfra1

ipv4 address 192.168.208.41 255.255.255.252

service-location 0/3/CPU0

ipv4 access-group ServiceInfraFilter egress

!

interface ServiceInfra2

ipv4 address 192.168.208.45 255.255.255.252

service-location 0/4/CPU0

ipv4 access-group ServiceInfraFilter2 egress

!

router static

address-family ipv4 unicast

  100.100.100.0/24 ServiceApp10

  100.119.0.0/17 ServiceApp10

  100.119.128.0/17 ServiceApp20

!

vrf NAT

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp1

   10.0.0.0/8 vrf default TenGigE0/0/0/0 192.168.205.1

   10.0.0.0/8 vrf default TenGigE0/0/0/5 192.168.205.5

 

vrf NAT2

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp2

   10.0.0.0/8 vrf default TenGigE0/0/0/0 192.168.205.1

   10.0.0.0/8 vrf default TenGigE0/0/0/5 192.168.205.5

 

service cgn NAT

service-location preferred-active 0/3/CPU0 preferred-standby 0/4/CPU0

service-type nat44 NAT44 

inside-vrf NAT

   map address-pool 100.119.0.0/17

  inside-vrf NAT2

   map address-pool 100.119.128.0/17

Regards

Ruben

1 REPLY
New Member

This discussion has been

This discussion has been reposted from Additional Communities to the Server Networking community.

41
Views
0
Helpful
1
Replies
CreatePlease login to create content