brownjl

VRF / Internet access + NAT

Mon Jun 17, 2019 1:49 am

Hello,

Playing with VRFs to isolate a number of internal subnets. I have the isolation working quite well but I want to provide these subnets with internet access.

Testing with one particular subnet, I have added a route to the gateway@main table and then added in a NAT for this subnet onto one of my public addresses. I have then added a pre-route mangle to route mark all packets coming back in to the NATted public address to my VRF table. This works very well!

Now I want to replicate this with my other subnets. Unfortunately, I do not have enough public addresses to provide a one-to-one NAT for each internal subnet. Prior to isolation with VRFs, I would have just had a NAT for all the private addresses mapped onto my range of publics to avoid this.

So is there a way I can route mark packets after they have been NAT-translated back into their internal addresses?

Any help would be appreciated.

Thanks

James
