Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VRF and static NAT

Hello,

I want to do a translation on the ip destination. The host on the network 192.168.2.0/24 must ping the host  192.168.20.100 with the address 192.168.2.100.

The configuration is ok when there is no VRF. But when I setup VRF, there is no translation.Debug ip nat  and ip nat vrf  doesn’t  show anything, can you help me? Thanks.

This configuration is ok,  when a host on the network 192.168.2.0/24 pings ip address 192.168.2.100, icmp messages go to 192.168.20.100:

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100

This configuration doesn't work:

ip vrf forwarding
!
ip vrf  AZE

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding AZE
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200


ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf ok

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf AZE

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VRF and static NAT

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

2 REPLIES
Cisco Employee

Re: VRF and static NAT

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

New Member

Re: VRF and static NAT

Hi Lie,

I looked bad on cisco.com, I did not find this explanation, thank you for your response it's ok.

Regards,

Hachesse

9121
Views
10
Helpful
2
Replies
CreatePlease login to create content