[c-nsp] static PAT inside one vrf?
Sean Watkins
sean.watkins at gmail.com
Tue Jul 18 16:15:46 EDT 2017
Weird problem
I have an "ISP" VRF -
ip vrf ISP
 rd 1:2
With a bunch of client networks etc. A server network, all reaching an
internet edge router, via a transit.
int GigabitEthernet0/1.432
 encapsulation dot1Q 432
 ip vrf forwarding ISP
 ip address 100.64.32.238 255.255.255.248
 ip nat enable
Outside leg of the transit router:
interface GigabitEthernet0/2.999
 encapsulation dot1Q 999
 ip vrf forwarding ISP
 ip address X.X.X.101 255.255.255.248
 no ip redirects
 no ip unreachables
 ip accounting access-violations
 ip nat enable
 standby 1 ip X.X.X.X.100
 standby 1 preempt delay reload 60 sync 60
 standby 1 name S1
I have a pool for internal clients to hit the internet on - works a-ok
ip nat pool IPNATLINK1 X.X.X.225 X.X.X.254 prefix-length 27
ip nat source list NAT pool IPNATLINK1 vrf ISP overload
What doesn't seem to work, however, is PAT.
Internal server in the vrf is 100.64.32.12 - I can ping it, reach it, etc.
Reach it on port 443.
I add this in,
ip nat source static tcp 100.64.32.12 443 X.17.214.100 443 vrf ISP extendable
Nothing works... sniffing on 100.64.32.12 - I don't see any inbound
requests etc.
Any ideas?
Sean
--
Sean Watkins
403-629-6152