Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11755
Views
10
Helpful
2
Replies

VRF and static NAT

Go to solution
19652010Z
Level 1
Level 1

‎02-19-2010 10:36 AM - edited ‎03-04-2019 07:33 AM

Hello,

I want to do a translation on the ip destination. The host on the network 192.168.2.0/24 must ping the host  192.168.20.100 with the address 192.168.2.100.

The configuration is ok when there is no VRF. But when I setup VRF, there is no translation.Debug ip nat  and ip nat vrf  doesn’t  show anything, can you help me? Thanks.

This configuration is ok,  when a host on the network 192.168.2.0/24 pings ip address 192.168.2.100, icmp messages go to 192.168.20.100:

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100

This configuration doesn't work:

ip vrf forwarding
!
ip vrf  AZE

interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding AZE
ip address 192.168.2.250 255.255.255.0
ip nat outside
ip virtual-reassembly

interface FastEthernet0/0.200
encapsulation dot1Q 200


ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf ok

interface FastEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding AZE
ip address 192.168.20.250 255.255.255.0
ip nat inside
ip virtual-reassembly

ip nat inside source static 192.168.20.100 192.168.2.100 vrf AZE

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎02-20-2010 12:40 PM

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

View solution in original post

2 Replies 2

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎02-20-2010 12:40 PM

Hi Hache,

Looks like the NAT proxy-arp function is broken in vrf. The router stop responding the ARP request broadcast from client for 192.168.2.100. To make it work you can add a static arp on the router

arp vrf AZE 192.168.2.100  fa0/0_mac ARPA alias

HTH,

Lei Tian

Go to solution
19652010Z
Level 1
Level 1
In response to Lei Tian

‎02-21-2010 12:33 AM

Hi Lie,

I looked bad on cisco.com, I did not find this explanation, thank you for your response it's ok.

Regards,

Hachesse

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card