I am doing an experiment to NAT traffic from global VRF to another VRF (called Internet). Please see my diagram. R1 is a host router with default gateway pointing to R2. R3 is simulating the ISP. Its lo0 with IP 18.104.22.168 is simulating an Internet host. R2 is doing the NAT.
I have tried both the traditional inside and outside NAT as well as the NVI NAT. I can NAT traffic from right to left fine with NVI NAT. However, for traffic from left to right, it doesn't work for me. Here is my config:
vrf definition Internet
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 !
 address-family ipv4
 exit-address-family
!
!
interface Ethernet0/0
 ip address 10.0.12.2 255.255.255.0
 ip nat inside
 ip nat enable
!
interface Ethernet0/1
 vrf forwarding Internet
 ip address 172.16.23.2 255.255.255.0
 ip nat outside
 ip nat enable
!
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 172.16.23.3
ip route vrf Internet 0.0.0.0 0.0.0.0 172.16.23.3
!
ip nat source static 10.0.12.1 172.16.23.1 vrf Internet
ip nat source list NVI-NAT interface e0/1 vrf Internet overload
!
ip access-list extended NVI-NAT
 permit ip 172.16.23.0 0.0.0.255 any
Now when I ping from R1 to 22.214.171.124 on R3, R3 still got the un-NAT'ed traffic (from 10.0.12.1 to 126.96.36.199).
You have the static NAT configured in VRF Internet. I want to see the source traffic hitting the NAT statement, and if it is, then I want to ensure return traffic for the source in the VRF Internet routing table.
If the above doesn't help, then please share the vice-versa traceroute, NAT debug output, and the status of the NAT translation when you initiate the traffic.
Hey, sorry for the late response, Naren. Yup, it works great now! You definitely pointed me in the right direction. I also tried adding a static ARP entry on R3 for 172.16.23.1 and it also worked. Of course, in my real-life scenario R3 is a provider router, so I can't touch it. So I found out that by creating 172.16.23.1 as a secondary IP on R2, it also works well :) Anyway, I believe that my problem is resolved. Thanks again!