I've got several internal networks with overlapping IP schemes so we stuffed each into their own VRF so they could get out our 2911 router and into the outside world. We have a couple /28's and I can get everyone out onto the internet with each network's traffic NAT'd through it's own external IP.
The twist is we're using a cloud service for internet content filtering and we want to build the GRE's for that traffic off the router as well. For policy and reporting reasons the tunnels need to originate from their own external IP. I cannot seem to get the tunnels to come up and route to the destination. They show up (as up as a tunnel interface can show) but I can't ping the inside IP of the destination. So I am doing something wrong but I search as I may I can't seem to come up with a solution.
I have been at this piece for about 3 days now and can't seem to crack it. I'm posting a sketch and the relevant parts of the router's config. Anyone with suggestions or questions please chime in. As much as I've taught myself the last couple weeks it apparently isn't enough to bring it all together.
I actually figured this out this morning. There were two issues here.
1. When the tunnel interface needs to be in a vrf you not only need the "vrf forwarding name" command you also need the "vrf tunnel name" command. One tells the tunnel which vrf the packets are input from, the other which vrf the packets are ouput to.
2. To get the NAT to work I actually needed the "ip nat outside" on the tunnel interface as well.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...