I’ve been struggling to find a quick and dirty guide to using NAT pool overloads between two VRFs. Most of the guides I came across either involved RDs, BGP, or NATting into the global routing table. All I wanted was to have Red talk to Blue by NATting the Red network to a NAT pool that is routable from Blue. In my scenario the internet connection sits in a WWW VRF and my internal servers sit in a 10 VRF. You could argue there is no point using VRFs at all in this specific example, since it brings no benefit here, but anyway. So here we go.
Build our VRFs
ip vrf 10
ip vrf WWW
Configure the interfaces with IPs in the right VRF and enable NAT on each (each block below goes under its own interface; the WWW-facing one is Fa0/0, as the default route further down shows)
ip vrf forwarding WWW
ip address 188.8.131.52 255.255.255.252
ip nat enable
ip vrf forwarding 10
ip address 10.0.0.1 255.255.255.0
ip nat enable
Add a default route to the 10 VRF that exits via the Fa0/0 interface, which places the exit in the WWW VRF, with a next hop of 184.108.40.206.
ip route vrf 10 0.0.0.0 0.0.0.0 FastEthernet0/0 220.127.116.11
Define the ACL that selects which hosts are allowed to use the NAT pool.
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.255 any
Make sure to append add-route to the end of your NAT pool definition; otherwise the return traffic will be dropped when it comes back, because there is no 18.104.22.168/24 subnet in the WWW VRF routing table.
ip nat pool Global 22.214.171.124 126.96.36.199 netmask 255.255.255.0 add-route
Bind the ACL to the pool for the 10 VRF with overload, so all of the inside hosts share the pool addresses.
ip nat source list NAT pool Global vrf 10 overload
NOTE: This only works in IOS, not IOS XE
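The steps above are easy to get subtly wrong (a pool without add-route, an ACL or pool name that does not match, a default route that never leaves the inside VRF, an interface without ip nat enable), and the failure mode is silent dropped return traffic rather than a config error. The following is an added example, not part of the original post: a small Python lint that parses an IOS snippet of this shape and reports those inconsistencies. The regexes are hypothetical and cover only the command forms used in the post; the sample config is constructed with RFC 5737 documentation addresses, not the post's values.

```python
"""Lint an IOS inter-VRF NAT snippet for the mistakes that silently break the
inside-to-outside flow. Added example; the regexes are hypothetical and only
cover the command forms used in the post."""
import re

# Constructed sample (RFC 5737 documentation addresses), mirroring the post's layout.
SAMPLE_CONFIG = """\
ip vrf 10
ip vrf WWW
interface FastEthernet0/0
 ip vrf forwarding WWW
 ip address 192.0.2.2 255.255.255.252
 ip nat enable
interface FastEthernet0/1
 ip vrf forwarding 10
 ip address 10.0.0.1 255.255.255.0
 ip nat enable
ip route vrf 10 0.0.0.0 0.0.0.0 FastEthernet0/0 192.0.2.1
ip access-list extended NAT
 permit ip 10.0.0.0 0.0.0.255 any
ip nat pool Global 198.51.100.1 198.51.100.254 netmask 255.255.255.0 add-route
ip nat source list NAT pool Global vrf 10 overload
"""


def parse_config(text):
    """Extract only the objects the NAT checks need from the snippet."""
    cfg = {"vrfs": set(), "interfaces": {}, "acls": set(),
           "pools": {}, "nat_rules": [], "default_routes": []}
    current_if = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indented = raw.startswith(" ")
        line = raw.strip()
        if indented and current_if is not None:
            # Sub-commands of the interface block we are inside.
            m = re.match(r"ip vrf forwarding (\S+)$", line)
            if m:
                cfg["interfaces"][current_if]["vrf"] = m.group(1)
            elif line == "ip nat enable":
                cfg["interfaces"][current_if]["nat_enable"] = True
            continue
        current_if = None  # any top-level line closes the interface block
        if (m := re.match(r"interface (\S+)$", line)):
            current_if = m.group(1)
            cfg["interfaces"][current_if] = {"vrf": None, "nat_enable": False}
        elif (m := re.match(r"ip vrf (\S+)$", line)):
            cfg["vrfs"].add(m.group(1))
        elif (m := re.match(r"ip access-list extended (\S+)$", line)):
            cfg["acls"].add(m.group(1))
        elif (m := re.match(r"ip nat pool (\S+) \S+ \S+ netmask \S+(.*)$", line)):
            cfg["pools"][m.group(1)] = {"add_route": "add-route" in m.group(2)}
        elif (m := re.match(r"ip nat source list (\S+) pool (\S+) vrf (\S+)(.*)$", line)):
            cfg["nat_rules"].append({"acl": m.group(1), "pool": m.group(2),
                                     "vrf": m.group(3), "overload": "overload" in m.group(4)})
        elif (m := re.match(r"ip route vrf (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line)):
            cfg["default_routes"].append((m.group(1), m.group(2)))
    return cfg


def lint(text):
    """Return a list of findings; an empty list means the snippet is consistent."""
    cfg = parse_config(text)
    findings = []
    if not cfg["nat_rules"]:
        findings.append("no 'ip nat source list ... vrf' rule found")
    for rule in cfg["nat_rules"]:
        if rule["acl"] not in cfg["acls"]:
            findings.append(f"NAT rule uses ACL {rule['acl']} which is not defined")
        if rule["vrf"] not in cfg["vrfs"]:
            findings.append(f"NAT rule uses VRF {rule['vrf']} which is not defined")
        if not rule["overload"]:
            findings.append(f"NAT rule for VRF {rule['vrf']} is not overloaded")
        pool = cfg["pools"].get(rule["pool"])
        if pool is None:
            findings.append(f"NAT rule uses pool {rule['pool']} which is not defined")
        elif not pool["add_route"]:
            findings.append(f"pool {rule['pool']} lacks add-route: return traffic "
                            "has no route back from the outside VRF")
        # The inside VRF must leave through an interface that sits in the other VRF.
        exits = [ifname for vrf, ifname in cfg["default_routes"] if vrf == rule["vrf"]]
        if not exits:
            findings.append(f"VRF {rule['vrf']} has no default route to leave through")
        for ifname in exits:
            info = cfg["interfaces"].get(ifname)
            if info is None:
                findings.append(f"default route in VRF {rule['vrf']} exits unknown interface {ifname}")
            elif info["vrf"] == rule["vrf"]:
                findings.append(f"default route in VRF {rule['vrf']} exits {ifname}, which is in the same VRF")
            elif not info["nat_enable"]:
                findings.append(f"exit interface {ifname} lacks 'ip nat enable'")
        # Inside-VRF interfaces need ip nat enable as well, or nothing is translated.
        for ifname, info in cfg["interfaces"].items():
            if info["vrf"] == rule["vrf"] and not info["nat_enable"]:
                findings.append(f"inside interface {ifname} (VRF {rule['vrf']}) lacks 'ip nat enable'")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG) or ["OK: no findings"]:
        print(finding)
```

Run it against a candidate snippet before pushing it; each finding names the specific object (pool, ACL, VRF, interface) that breaks the flow, so the fix is obvious, and a clean run returns an empty list.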