[c-nsp] NAT-ON-A-STICK for VRF Traffic

Andy Saykao andy.saykao at staff.netspace.net.au
Sun Aug 16 20:59:17 EDT 2009


I want to set up a NAT-PE Internet Gateway and NAT VRF traffic using
NAT-ON-A-STICK. Is this possible?
 
Easy enough to do when it's IP traffic using policy-based routing as per
this article:
 
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
 
Just wondering how you would apply the article in relation to when the
traffic is MPLS/VRF based.
 
I tried this config, but could not get it to work.
 
NAT-PE Router:
 
interface Loopback98
 description Used for NAT-ON-A-STICK
 ip address 172.16.76.25 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/0.11
 description Core/MPLS Network
 encapsulation dot1Q 11
 ip address 203.10.110.X 255.255.255.224
 ip nat inside
 ip virtual-reassembly
 ip policy route-map NAT-LOOP
 mpls ip
!
! Set default to next hop on P router in the global routing table
ip route vrf NSTEST 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 203.10.110.Y global
!
ip nat pool NSTEST-NAT-POOL 210.15.230.65 210.15.230.65 netmask 255.255.255.252
ip nat inside source list NSTEST-NAT-ACL pool NSTEST-NAT-POOL vrf NSTEST overload
!
ip access-list standard NSTEST-NAT-ACL
 permit 192.168.0.0 0.0.255.255
!
route-map NAT-LOOP permit 10
 match mpls-label
 set ip next-hop 172.16.76.26

P Router:
 
! Route public IPs to loopback98 on NAT-PE router
ip route 210.15.230.64 255.255.255.252 Loopback98 172.16.76.25
 
My logic is flawed somewhere ;)
 
Thanks.
 
Andy
