[c-nsp] Restrictions for NAT Integration with MPLS VPNs

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Mar 18 12:04:20 EST 2005


Joe Maimon <> wrote on Friday, March 18, 2005 1:05 AM:

> Restrictions for NAT Integration with MPLS VPNs
> 
> Inside VPN to VPN with NAT is not supported.
> 
> from
> 
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801145f5.html#wp1035671
> 
> 
> Does this mean that I should not expect this to work?

Yes, this is not supported (but it works, see below).

> 
> ip vrf RED
>   rd 10:10
> !
> int fa0/0/0
> ip vrf forwarding RED
> ip address 192.168.1.1 255.255.255.0
> ip nat inside
> !
> int fa0/1/0
> ip vrf forwarding RED
> ip address 66.16.17.1 255.255.255.0
> ip nat outside
> !

This configuration works, though (I tried it in 12.3(6)), but the
current vrf-aware NAT functionality was designed around central services
(several VRFs with overlapping IP addresses want to access SP's central
services, like an Internet connection), so the outside interface is
usually in the global table.

We'll release new vrf-aware NAT functionality in the upcoming 12.3(14)T
release (due out soon) which will also allow translating between
separate VRFs.

Any reason you can't do NAT on the CE devices?

	oli
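
For comparison with the quoted configuration, here is a sketch of the central-services layout the reply describes: two VRFs with overlapping inside addresses, and the NAT outside interface left in the global table. This is an added example, not configuration from either poster or from Cisco's documentation. The second VRF (BLUE), its interface, the ACL number, the pool name and range, and the next-hop address are all assumptions.

```cisco
! Constructed example. VRF BLUE, Fa0/0/1, ACL 1, pool SHARED and the
! next hop 66.16.17.254 are assumptions made for illustration.
ip vrf RED
 rd 10:10
!
ip vrf BLUE
 rd 20:20
!
interface FastEthernet0/0/0
 ip vrf forwarding RED
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0/1
 ! Same inside subnet as RED; the overlap is allowed because the VRFs differ
 ip vrf forwarding BLUE
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1/0
 ! No "ip vrf forwarding" here: the outside interface stays in the global table
 ip address 66.16.17.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool SHARED 66.16.17.10 66.16.17.20 netmask 255.255.255.0
! One NAT rule per VRF; the vrf keyword keeps overlapping inside hosts distinct
ip nat inside source list 1 pool SHARED vrf RED overload
ip nat inside source list 1 pool SHARED vrf BLUE overload
!
! Per-VRF default routes whose next hop is resolved in the global table
ip route vrf RED 0.0.0.0 0.0.0.0 66.16.17.254 global
ip route vrf BLUE 0.0.0.0 0.0.0.0 66.16.17.254 global
```

The difference from the quoted configuration is the outside interface: there it sits in VRF RED together with the inside interface, while here only the inside interfaces are in VRFs.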


