[c-nsp] Inter-VRF with NAT

Mike mike-cisconsplist at tiedyenetworks.com
Sat Aug 17 14:47:28 EDT 2019


Hello,

    I have a group of devices on my network (customer cpe - dsl modems
mostly) which don't have the intelligence necessary to route their
management traffic separate from the user internet traffic. This means
that packets inbound to management will go outbound to the default
gateway in the device's routing table instead of being routed back out
the default gateway for the management interface.

    I have solved this in the past by using a linux server that had an
interface on the global network, and another interface facing the
customer management interfaces, with NAT rules so that packets destined
TO addresses within the management network would have a source of the
linux server itself. This meant that traffic to the cpe management
interface appeared to be from an ip that was local (on the same network)
and thus did not require routing. For example, if the management network
was 172.16.1.0/24 and the cpe had an ip of 172.1.1.100, packets from
global destined to 172.16.1.100 would appear to the cpe to be coming
from 172.16.1.1 (the linux server). Unfortunately, for various network
reasons, this doesn't scale (the linux server has to have direct l2
connectivity to each such network, which becomes unmanageable).

    I have been trying to discern a more cisco-centric way of
accomplishing this end goal, and I need some help fleshing this out. My
thoughts are that the router of course will have an l2 interface on the
cpe management network, and this could be inside a separate vrf. If the
vrf/management network was 172.16.1.0/24, I would want this same route
also in my global table so I can address hosts on this network, with the
switch to vrf/nat on the inside. Is this possible, or am I just
conceptualizing this wrong?



Mike-
