NAT vrf-aware

In a network topology that uses NAT, VPNs, as well as VRFs, if you have two hosts connected to two different VPNs with the same IP addresses, in order for them to communicate, the vrf keyword and a VRF name must be used in the ip nat command like so:

Device(config)# ip nat inside source list 1 interface ethernet 0 vrf vrf1 overload

NAT by default is VRF-aware. In order to extend this VRF-awareness for intra-VPN NAT, use the match-in-vrf keyword.


Links to this page: