I want to set up a NAT-PE Internet Gateway and NAT vrf traffic using NAT-ON-A-STICK. Is this possible? Easy enough to do when it's IP traffic using policy-based routing as per this article: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a 0080094430.shtml Just wondering how you would apply the article in relation to when the traffic is MPLS/VRF based. I tried this config, but could not get it to work. NAT-PE Router: interface Loopback98 description Used for NAT-ON-A-STICK ip address 172.16.76.25 255.255.255.248 ip nat outside ! interface GigabitEthernet0/0.11 description Core/MPLS Network encapsulation dot1Q 11 ip address 203.10.110.X 255.255.255.224 ip nat inside ip virtual-reassembly ip policy route-map NAT-LOOP mpls ip ! ! Set default to next hop on P router in the global routing table ip route vrf NSTEST 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 203.10.110.Y global ! ip nat pool NSTEST-NAT-POOL 210.15.230.65 210.15.230.65 netmask 255.255.255.252 ip nat inside source list NSTEST-NAT-ACL pool NSTEST-NAT-POOL vrf NSTEST overload ! ip access-list standard NSTEST-NAT-ACL permit 192.168.0.0 0.0.255.255 ! route-map NAT-LOOP permit 10 match mpls-label set ip next-hop 172.16.76.26
P Router: ! Route public ip's to loopback98 on NAT-PE router ip route 210.15.230.64 255.255.255.252 Loopback98 172.16.76.25 My logic is flawed somewhere ;) Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/