I think the problem is because your VRF Red doesn't have route to the LAN. If [LAN] is switch, then you could try to create a route in VRF Red for the LAN network with the next hop is the IP address of the switch.
Regards, ---------------------------- Luan Nguyen Chesapeake NetCraftsmen, LLC. http://www.netcraftsmen.net ---------------------------- -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gary T. Giesen Sent: Thursday, August 20, 2009 11:19 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] NAT Global to FVRF I've got a customer that requires localized Internet access from their DMVPN router (they currently receive a default route over the VPN). Their router is setup with the customer (inside) network in the global routing table, and their Internet connection sits inside a Front door VRF (FVRF). Has anyone done this, and have a working config? I've tried all manner of options but have yet to be successful NAT'ing between the global inside and outside FVRF. [ LAN ] ---[ CPE ]--- [ Internet ] Global -------> VRF "RED" NAT GG _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/