Hi,
In TS Lab 1 from Workbook Volume II, I'm having a difficult time understanding (making logical sense of) the NAT VRF configuration on R4.
DEFINE OUR ROUTE-TARGETS
ip vrf VPN345
 rd 345:345
 route-target export 345:1
 route-target import 345:1
!
DEFINE OUR VRF INTERFACES AND NAT INSIDE OUTSIDE PARAMETERS:
!
interface Loopback1
 ip vrf forwarding VPN345
 ip address 172.16.4.4 255.255.255.0
!
!
interface FastEthernet0/1
 ip address 10.22.0.41 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface Serial0/0/0.1 point-to-point
 ip address 10.22.0.49 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 mpls ip
 frame-relay interface-dlci 405
!
interface Serial0/0/0.2 point-to-point
 ip vrf forwarding VPN345
 ip address 172.16.34.4 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ADD IGP FOR VRF
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf VPN345
  network 172.16.0.0
  default-information originate
  no auto-summary
 exit-address-family
!
REDISTRIBUTE RIP (VRF) INTO BGP
router bgp 65003
 address-family ipv4 vrf VPN345
  redistribute rip
  no synchronization
 exit-address-family
HERE'S WHAT GETS ME!
ip route vrf VPN345 0.0.0.0 0.0.0.0 10.22.0.42 global
!
ip nat inside source list INTERNET_ACCESS interface Loopback0 vrf VPN345 overload
!
ip access-list extended INTERNET_ACCESS
 permit ip any 10.0.0.0 0.255.255.255
I understand the default route for the vrf towards 10.22.0.42 to use the global routing table (to get there). I understand it uses the Loopback0 interface and overloads it.
What I DO NOT understand is why the "inside source list" INTERNET_ACCESS defines the network 10.0.0.0 0.255.255.255. By all logic this should be the network to be translated.
So shouldn't it be 172.16.0.0/24 defined in the INTERNET_ACCESS ACL?
The above config works, I just do not understand why it works. I've seen this type of configuration in real life and the inside source list is the inside network, not the outside network.
Any thoughts? Thanks
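
In an IOS extended ACL the first address field is the source and the second is the destination, so the INTERNET_ACCESS entry reads "any source, destination 10.0.0.0/8". The following is an added example, not part of the original post: it evaluates that entry against flows from the 172.16.x.x VRF addresses, and the function names, the SOURCE_ONLY list and the sample flows are constructed here for illustration.

```python
import ipaddress

def _addr_spec(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse one 'permit|deny ip <source> <destination>' extended ACL entry."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("only 'permit|deny ip ...' entries are handled")
    source = _addr_spec(tokens)       # first address spec: SOURCE
    destination = _addr_spec(tokens)  # second address spec: DESTINATION
    return action, source, destination

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF     # wildcard bit 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_permits(acl_lines, src, dst):
    """True if the first matching entry permits the flow, i.e. the NAT rule applies to it."""
    for action, source, destination in map(parse_ace, acl_lines):
        if _matches(src, source) and _matches(dst, destination):
            return action == "permit"
    return False                      # implicit deny at the end: flow is not translated

INTERNET_ACCESS = ["permit ip any 10.0.0.0 0.255.255.255"]   # entry from the post
SOURCE_ONLY = ["permit ip 172.16.0.0 0.0.255.255 any"]       # hypothetical source-based entry

# Constructed flows: (source inside VRF VPN345, destination)
FLOWS = [("172.16.34.3", "10.22.0.42"), ("172.16.4.4", "10.1.1.1"),
         ("172.16.34.3", "172.16.4.4"), ("172.16.34.3", "192.0.2.1")]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(src, "->", dst,
              "INTERNET_ACCESS:", acl_permits(INTERNET_ACCESS, src, dst),
              "SOURCE_ONLY:", acl_permits(SOURCE_ONLY, src, dst))
```

Flows from any VRF source toward 10.0.0.0/8 match INTERNET_ACCESS, while VRF-internal flows (172.16.x.x to 172.16.x.x) fall through to the implicit deny and are left untranslated.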