Tuesday, March 31, 2020

Aware Software Infrastructure (VASI) NAT on a Stick



Configuration:
>> CSR1

interface GigabitEthernet1
ip address 192.168.123.1 255.255.255.0
negotiation auto
end

ip route 0.0.0.0 0.0.0.0 192.168.123.3

>> CSR2

interface GigabitEthernet1
ip address 192.168.123.2 255.255.255.0
no ip redirects
negotiation auto
end

ip route 0.0.0.0 0.0.0.0 192.168.123.3

>> CSR3

vrf definition BLUE
address-family ipv4
exit-address-family

interface GigabitEthernet1
ip address 192.168.123.3 255.255.255.0
ip nat inside
ip policy route-map PBR
negotiation auto

interface GigabitEthernet2
ip address 34.34.34.3 255.255.255.0
ip nat outside
negotiation auto

interface vasileft1
ip address 6.6.6.1 255.255.255.0
ip nat outside
no keepalive

interface vasiright1
vrf forwarding BLUE
ip address 6.6.6.2 255.255.255.0
no keepalive

ip nat pool NAT-POOL 10.0.12.0 10.0.12.255 prefix-length 24
ip nat inside source static 192.168.123.2 34.34.34.2 no-alias
ip nat outside source list NAT pool NAT-POOL

ip route 0.0.0.0 0.0.0.0 34.34.34.4
ip route 34.34.34.2 255.255.255.255 192.168.123.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 vasiright1
ip route vrf BLUE 10.0.12.0 255.255.255.0 6.6.6.1
ip route vrf BLUE 34.34.34.2 255.255.255.255 vasiright1 6.6.6.1

ip access-list extended NAT
permit ip 192.168.123.0 0.0.0.255 host 34.34.34.2
ip access-list extended PBR
permit ip 192.168.123.0 0.0.0.255 host 34.34.34.2
permit ip host 192.168.123.2 10.0.12.0 0.0.0.255

route-map PBR permit 10
match ip address PBR
set ip next-hop 6.6.6.2

>> CSR4

interface GigabitEthernet2
ip address 34.34.34.4 255.255.255.0
negotiation auto
end


https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)