[c-nsp] NAT'ing DSL inside a VRF

Kurt Bales kwbales at kwbales.net
Thu Jun 5 20:34:38 EDT 2008


Hey Guys,

I have set up a VRF for one of my customers and am landing a couple of DSL
services inside this VRF. I have a server connected to this VRF, and an
interface used for transit out of the VRF. I am having trouble working out
how to get NAT working on the transit interface. I have set up RADIUS to send
what I believe are the appropriate configs to the virtual-access for each
DSL, but I am still having no luck with NAT. I have included the relevant
configs below. Let me know if I am missing anything. All the devices in the
VRF can ping each other successfully. It should be noted that the IP address
to the DSL services shown below is 172.16.0.1/32.

ip vrf custvrf01
 description Customer VRF
 rd 1234:1
!
interface Loopback1000
 description Loopback for Customer VRF
 ip vrf forwarding custvrf01
 ip address 10.0.0.1 255.255.255.255
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/2.403
 description VRF_Cust01_Transit
 encapsulation dot1Q 403
 ip vrf forwarding custvrf01
 ip address xxx.xxx.xxx.142 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
ip route vrf custvrf01 0.0.0.0 0.0.0.0 xxx.xxx.xxx.141
!
ip nat inside source list 20 interface GigabitEthernet0/2.403 vrf custvrf01 overload
!
access-list 20 permit 172.16.0.0 0.0.255.255
access-list 20 permit 10.0.0.0 0.0.0.255

And here is the output for one of the connected DSL service interfaces:

7204G2#sh run in virtual-access 43

interface Virtual-Access43
 mtu 1472
 ip vrf forwarding custvrf01
 ip unnumbered Loopback1000
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1360
 down-when-looped



