Tuesday, September 7, 2021

PBR, NATting and VRF: issue on return traffic?

Hi All,

We have a LAN and an isolation network (under a VRF). From the LAN network I want to route a specific client to the isolated/VRF network to reach the internet.

Requirement:

- Route from the LAN to the VRF using PBR

- NAT the source IP from the LAN to the isolated network segment

I'm able to see that the IP is being translated and forwarded to the tunnel; however, it seems like the client is not receiving any response. Here's the topology and configuration:

https://ibb.co/WfyMv1B

## FROM EDGE ROUTER

```
interface Ethernet0/1.501
 encapsulation dot1Q 501
 ip address 10.67.96.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map V301TOZSCALER
!
interface Ethernet0/1.689
 encapsulation dot1Q 689
 ip vrf forwarding ZSCALER
 ip address 192.168.0.2 255.255.255.0
!
ip access-list standard NAT:VOIP_IP
 permit 10.67.101.11
ip access-list standard VOIP_IP
 permit 10.67.101.11
!
route-map V301TOZSCALER permit 10
 match ip address VOIP_IP
 set vrf ZSCALER
route-map V301TOZSCALER permit 20
!
ip nat inside source list NAT:VOIP_IP interface Ethernet0/1.689 vrf ZSCALER overload
!
ip route 10.67.101.0 255.255.255.0 10.67.96.1
ip route vrf ZSCALER 0.0.0.0 0.0.0.0 Tunnel1001
```
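When a PBR-into-VRF plus NAT design forwards fine outbound but gets no replies, the gaps are usually on the return path, and most of them can be read straight off the configuration before touching the router. The script below is an added example (not part of the original post or any vendor tool): it parses the posted snippet, which is embedded as a constructed string re-indented one command per line, and flags what the snippet itself shows about the return path. It assumes the standard IOS behaviour that a reply arriving on the outside is un-translated and then forwarded in the VRF named on the `ip nat inside source ... vrf` statement, so that VRF needs a route back to the inside host; it also reports that `Tunnel1001` is not in the snippet rather than guessing its NAT role.

```python
import ipaddress
import re

# Constructed from the configuration in the post above (re-indented, one command per line).
EDGE_CONFIG = """\
interface Ethernet0/1.501
 encapsulation dot1Q 501
 ip address 10.67.96.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map V301TOZSCALER
!
interface Ethernet0/1.689
 encapsulation dot1Q 689
 ip vrf forwarding ZSCALER
 ip address 192.168.0.2 255.255.255.0
!
ip access-list standard NAT:VOIP_IP
 permit 10.67.101.11
ip access-list standard VOIP_IP
 permit 10.67.101.11
!
route-map V301TOZSCALER permit 10
 match ip address VOIP_IP
 set vrf ZSCALER
route-map V301TOZSCALER permit 20
!
ip nat inside source list NAT:VOIP_IP interface Ethernet0/1.689 vrf ZSCALER overload
!
ip route 10.67.101.0 255.255.255.0 10.67.96.1
ip route vrf ZSCALER 0.0.0.0 0.0.0.0 Tunnel1001
"""


def parse_ios(text):
    """Minimal IOS config parser: interfaces, standard ACLs, NAT inside-source rules, static routes."""
    cfg = {"interfaces": {}, "acls": {}, "nat": [], "routes": []}
    block = None  # (kind, name) of the indented block we are currently inside
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            block = None
            continue
        if line.startswith(" "):  # sub-command of the current block
            cmd = line.strip()
            if block and block[0] == "interface":
                cfg["interfaces"][block[1]].append(cmd)
            elif block and block[0] == "acl" and cmd.startswith("permit "):
                cfg["acls"][block[1]].append(cmd.split()[1])  # host entries only
            continue
        block = None
        if line.startswith("interface "):
            block = ("interface", line.split()[1])
            cfg["interfaces"][block[1]] = []
        elif line.startswith("ip access-list standard "):
            block = ("acl", line.split()[3])
            cfg["acls"][block[1]] = []
        elif line.startswith("ip nat inside source list "):
            m = re.match(r"ip nat inside source list (\S+) interface (\S+)(?: vrf (\S+))?", line)
            cfg["nat"].append({"acl": m.group(1), "interface": m.group(2), "vrf": m.group(3)})
        elif line.startswith("ip route "):
            m = re.match(r"ip route (?:vrf (\S+) )?(\S+) (\S+) (\S+)", line)
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            cfg["routes"].append({"vrf": m.group(1), "net": net, "next": m.group(4)})
    return cfg


def check_return_path(cfg):
    """Return a list of return-path gaps that are visible in the parsed config itself."""
    findings = []
    if not any("ip nat outside" in cmds for cmds in cfg["interfaces"].values()):
        findings.append("no 'ip nat outside' interface in the shown config")
    for rule in cfg["nat"]:
        if rule["interface"] not in cfg["interfaces"]:
            findings.append(f"NAT interface {rule['interface']} not shown")
        elif "ip nat outside" not in cfg["interfaces"][rule["interface"]]:
            findings.append(f"NAT interface {rule['interface']} lacks 'ip nat outside'")
        vrf_routes = [r for r in cfg["routes"] if r["vrf"] == rule["vrf"]]
        for host in cfg["acls"].get(rule["acl"], []):
            ip = ipaddress.ip_address(host)
            # Assumption (see lead-in): the un-NAT'd reply is forwarded in the VRF named on the
            # NAT rule, so a default route pointing at the tunnel is not a route back to the host.
            if not any(ip in r["net"] and r["net"].prefixlen > 0 for r in vrf_routes):
                defaults = [r["next"] for r in vrf_routes if r["net"].prefixlen == 0]
                via = f"only default via {defaults[0]}" if defaults else "no route at all"
                findings.append(f"vrf {rule['vrf']}: no route back to inside host {host} ({via})")
        # The VRF egress (the tunnel here) is not in the snippet, so its NAT role cannot be judged.
        for r in vrf_routes:
            if r["net"].prefixlen == 0 and r["next"] not in cfg["interfaces"]:
                findings.append(f"vrf {rule['vrf']} default next hop {r['next']} not shown; "
                                "check its 'ip nat outside'")
    return findings


if __name__ == "__main__":
    for finding in check_return_path(parse_ios(EDGE_CONFIG)):
        print("-", finding)
```

On the posted snippet the script lists four items: no `ip nat outside` appears in what was shared, `Ethernet0/1.689` (the interface named on the NAT rule) has no `ip nat outside`, VRF `ZSCALER` has no route back to 10.67.101.11 other than the default towards `Tunnel1001`, and `Tunnel1001` itself is not shown. Whether each one is a real gap or just an omission from the paste is something only the full running config and `show ip nat translations` / `show ip route vrf ZSCALER` can settle; the script only tells you where to look first.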

Any inputs?

Thank you
