My experience when natting VRF's is that you need a point to point
connection (like an ipip tunnel). The one end of the tunnel is in the
vrf and the other end of the tunnel is not in the VRF. This is the only
way I have been able to get NAT working within VPN's.
-----Original Message-----
From: kevin graham [mailto:kgraham@dotnetdotcom.org] 
Sent: Wednesday, June 19, 2002 2:05 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] cross-VRF NAT's
I'm looking at using the multi-vrf or 'vrf lite' functionality to
untangle 
some boxes that are doing both vpn/private and external routing. Tying 
interfaces and routing processes to a given vrf seems straightforward 
enough, but what I haven't seen detailed anywhere is how (or if?) one
goes 
about nat'ing between vrfs. 
Anyone have pointers on this? ..or will things just magically work if an
interface in one vrf is nat inside and another nat outside (I don't
really 
see how this would work, but *shrug*)
thanks.
..kg..
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:00 EDT