[c-nsp] NAT with VRF on Cisco ASR 1002-X

[kawarod]

Hi All,

we have recently bought a Cisco ASR 1002-X to migrate/consolidate our 
old Cisco 7200 NPE-G2.
This equipment is dedicated to NAT VRF customers with a Public IP.

On the Cisco 7200 (IOS 15.1.4) , all the internal facing VRF interfaces 
are using an "ip nat inside" statement.
The "ip nat outside" is used globally on only one interface that is 
connected to Internet (global context).

When using the exact same working configuration on our ASR with IOS XE - 
3.8S, only the ICMP paquets are going from/back to VRF and global 
Internet context.
For a TCP session, the ASR is sending a TCP reset, as if the router was 
unable to send the paquet to the right VRF.

After some investigation, it seems that the IOS XE is using some VASI 
interface to deal with NAT.
We have been able to get a working configuration with VasiLeft and 
VasiRight interface, but we have to use an intermediate subnet that is 
allocated to the VASI interface. Moreover, this subnet is seen in the 
global routing table.

Are there any way to achieve global NAT for VRF without using VASI 
interfaces for each VRF.
Moreover, if we have to deal with VASI Interfaces, what could be done to 
isolate these subnets from the global context.

Thx for your help,

Rodrigue