Networking

cisco – Proxy arp not working on the nat outside interface (participating in a VRF)

My Router is not making the acting as a Proxy for the ARP requests for the NATted IP’s on the NAT oustide intterface.
Here’s the interface config :

ISR#sh run int fa0/0.101
Building configuration...

Current configuration : 169 bytes
!
interface FastEthernet0/0.101
 encapsulation dot1Q 101
 ip vrf forwarding Hydrol
 ip address 192.168.101.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
end

Interface FastEthernet0/0 is connected to another router which is the gateway for Vlan101 and has the IP: 192.168.101.1

ISR#sh run int vlan444
Building configuration...

Current configuration : 156 bytes
!
interface Vlan444
 ip vrf receive Hydrol
 ip address 11.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map VRF_TO_GLOBAL
end

Router is doing following NAT: ip nat inside source static 11.0.0.3 192.168.101.36

Routing is setup fine, and 11.0.0.3 should be able to ping 192.168.101.1.
ICMP Packet reaches till the gateway – but when the gateway tries to ARP for 192.168.101.36 , the NAT router does not respond to the ARP request.
I’ve tried manually entering ip-proxy arp on the interface, but it has not effect because it is a default command.

When i manually enter a static ARP entry for 192.168.101.36 on the gateway device – pointing to the NAT outside interface MAC address- everything works as expected.

I’ve tried multiple router series (3945,4500,IR) to do the NAT function with the similar config/setup – and i saw this issue on all series
So i’m sure it’s a config issue – not the device issue.

Is there something more to be done when the NAT outside interface is in a VRF – to make the proxy-arp work

Please help !


Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker