NAT / VRF config issue on Cisco ASR 1002

Hi,

I swear this worked the other day, but I cannot get NAT to work on an ASR running VRFs.  I'm trying to NAT the inside IP of 192.168.101.21 to 1.1.1.1 but my outside device shows all packets coming from 192.168.101.21.

If I remove the interfaces from the vrf, make the default route a global one (vice vrf entry) and remove the vrf tag from the ip nat static entry, NAT'ing works.  Why wouldn't it also work when I apply the interfaces to a VRF?


Also, to make it even weirder:
If I configure the router with no VRFs (no interfaces in vrf, no vrf static route or NAT entries) it works.  If I place everything into a vrf it works.  If I save the config and then reboot it doesn't work.  Is there some caching that is taking place that I am not aware of?

Router#sh run
Building configuration...
 
Current configuration : 1752 bytes
!
no upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf-101
 !
 address-family ipv4
 exit-address-family
!
!
no aaa new-model
ip subnet-zero
no ip domain lookup
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
redundancy
 mode none
!
controller T3 0/1/0
 framing c-bit
 cablelength 10
 t1 1 channel-group 0 timeslots 1-24
!
controller T3 0/1/1
 cablelength 224
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
 no cdp enable
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
 no cdp enable
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
 no cdp enable
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
 no cdp enable
!
interface GigabitEthernet0/0/3.101
 vrf forwarding vrf-101
 encapsulation dot1Q 101
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Serial0/1/0/1:0
 vrf forwarding vrf-101
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 no cdp enable
!
ip nat inside source static 192.168.101.21 1.1.1.1 vrf vrf-101
ip classless
ip route vrf vrf-101 0.0.0.0 0.0.0.0 1.1.1.2
!

Program652Asked:
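A consistency check for the configuration in the question, as an added example that is not part of the original thread: it parses a running-config and reports any static NAT entry whose vrf tag has no matching `ip nat inside` / `ip nat outside` interface in the same VRF. The function names and the trimmed sample are constructed for illustration; an empty result only rules out a tagging mismatch, not missing platform support for VRF-aware NAT.

```python
import re

# Constructed sample: the NAT-relevant lines of the running-config posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/3.101
 vrf forwarding vrf-101
 ip nat inside
!
interface Serial0/1/0/1:0
 vrf forwarding vrf-101
 ip nat outside
!
ip nat inside source static 192.168.101.21 1.1.1.1 vrf vrf-101
ip route vrf vrf-101 0.0.0.0 0.0.0.0 1.1.1.2
"""

def parse_interfaces(config):
    """Map interface name -> {"vrf": name or None, "nat": "inside"/"outside"/None}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            current = interfaces.setdefault(name, {"vrf": None, "nat": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the interface block
        elif current is not None:
            vrf = re.match(r"\s+(?:ip )?vrf forwarding (\S+)", line)
            nat = re.match(r"\s+ip nat (inside|outside)\s*$", line)
            if vrf:
                current["vrf"] = vrf.group(1)
            if nat:
                current["nat"] = nat.group(1)
    return interfaces

def check_static_nat(config):
    """Return findings for static NAT entries whose VRF tag matches no NAT interface."""
    interfaces = parse_interfaces(config)
    findings = []
    pattern = r"^ip nat inside source static (\S+) (\S+)(?: vrf (\S+))?"
    for entry in re.finditer(pattern, config, re.M):
        local, mapped, vrf = entry.groups()
        for side in ("inside", "outside"):
            side_vrfs = {i["vrf"] for i in interfaces.values() if i["nat"] == side}
            if vrf not in side_vrfs:
                findings.append(f"{local}->{mapped} vrf={vrf}: no 'ip nat {side}' interface in that VRF")
    return findings

if __name__ == "__main__":
    print(check_static_nat(SAMPLE_CONFIG) or "static NAT VRF tags are consistent")
```
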
 
Program652Author Commented:
Turned out there was a bug on the ASRs.  Even vanilla NAT did not work; NAT not in a VRF setting.

Cisco opened an internal TAC case and the latest IOS (12.4) is the ONLY IOS for the ASR that will correctly implement NAT!  Amazing that they had a product line out for almost a year that couldn't do simple NAT.

We've had many buggy issues with the ASR over the past year.

VRF-aware NAT won't be supported until 12.5
 
harbor235Commented:


What does "show ip nat translations" look like?

harbor235 ;}
 
harbor235Commented:


Try NVI (NAT virtual interface), eliminates the ip nat inside/outside commands:

interface GigabitEthernet0/0/3.101
no ip nat inside
ip nat enable
interface Serial0/1/0/1:0
no ip nat outside
ip nat enable
exit

clear ip nat trans *

harbor235 ;}


Program652Author Commented:
NVI is not supported in my version of IOS XE (12.2).  It might be in 12.3 and I may try that as well.

Did get an email from my account rep today.  He states that NAT aware VRFs are not supported and will not be until release 2.5.0 comes out in Sept.
 
Program652Author Commented:
Also to answer the question earlier, sh ip nat translations shows what I would expect to see:  inside local, outside local, inside global, outside global as I expect them all.
 
harbor235Commented:


Nat translations:

Yah, but do you see the static assignment you specified?

Software support:

not supported, right, verified via feature navigator, not supported.

harbor235 ;}



 
harbor235Commented:


I would love to hear about the ASR, likes, dislikes, problems, etc., if you could. If not, I understand.

thank you,

harbor235
harbor235@gmail.com
 
harbor235Commented:
thanx for the update

harbor235 ;}
 
stoutmCommented:
Program652 -
I'm running into a similar issue. Do you have a TAC case or anything that would help reference something on Cisco's site?

Thanks