NAT Public Addresses to diffrent VRFs

Hi,
We have a /28 on the outside and want to assign seperate IP addresses with NAT to seperate VRFS, for example:
130.140.131.78 -> NAT -> vrf A -> 192.168.1.1
130.140.131.79 -> NAT -> vrf B -> 192.168.1.1
on so on and so forth....
Is this possible ? I have tried several option but no luck/wisdom so far.
Gr. Gilles.
P.S. Platform are routers 29xx and 39xx

Hi,
what options have you tried already ?
I think that vrf-aware static nat will do the job, something like:
ip nat inside source static 192.168.1.1 130.140.131.78 vrf A
Cheers,
Mikhail.

Similar Messages

NAT is not working for VRF partially

Hello!
I have a diagram like this:
VRF_A and VRF_B have overlapping addressing plans from series 192.168.x.x.
As routing protocol in both of VRFs adopted RIP (I tried all, but effect much the same).
The closest to PE1 network is 172.16.0.0/24.
PE1:
ip vrf VRF_A rd 65001:1 route-target export 65001:1 route-target import 65001:1ip vrf VRF_B rd 65001:2 route-target export 65001:2 route-target import 65001:2ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overloadip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overloadip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalinterface FastEthernet0/0 ip address 172.16.0.24 255.255.255.0 ip nat outside duplex fullinterface FastEthernet1/0 ip vrf forwarding VRF_A ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
interface FastEthernet4/0 ip vrf forwarding VRF_B ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
When I try ti ping 172.16.0.1 from CE11, CE21 and from VRF_A and VRF_B on PE1 - all if fine! NAT is performed and ping is OK.
But when I tried to ping from others (PE2 and CE21 and CE22) NAT is not performed, I see 192.168.x.x at Internet Router and ping is failled.
I'm in stupor. What could it be??? And how to avoid this situation? Are there "exits"?
I forgot to mention that there is a full connectivity inside both of VRFs. Routing protocols and redistribution work fine.
Kind regard,
Ellad

It's wrong:
PE1interface toward P1 ip nat insideinterface toward P2 ip nat inside
Here is PE1:Current configuration : 2829 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname PE1
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
ip vrf VRF_A
rd 65001:1
route-target export 65001:1
route-target import 65001:1
ip vrf VRF_B
rd 65001:2
route-target export 65001:2
route-target import 65001:2
ip cef
ip audit po max-events 100
mpls label protocol ldp
interface Loopback0
ip address 10.0.2.1 255.255.255.255
interface FastEthernet0/0
ip address 172.16.0.24 255.255.255.0
ip nat outside
duplex full
interface FastEthernet1/0
ip vrf forwarding VRF_A
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
interface FastEthernet2/0 ip address 10.0.23.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet3/0
ip address 10.0.24.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet4/0
ip vrf forwarding VRF_B
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
router rip
version 2
no auto-summary
address-family ipv4 vrf VRF_B
redistribute bgp 65001 metric 1
network 192.168.0.0
no auto-summary
exit-address-family
router bgp 65001
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.5.1 remote-as 65001
neighbor 10.0.5.1 update-source Loopback0
address-family vpnv4
neighbor 10.0.5.1 activate
neighbor 10.0.5.1 next-hop-self
neighbor 10.0.5.1 send-community both
exit-address-family
address-family ipv4 vrf VRF_B
redistribute static
redistribute rip
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf VRF_A
no auto-summary
no synchronization
exit-address-family
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overload
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overload
ip classless
ip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
ip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
no ip http server
no ip http secure-server
ip extcommunity-list 1 permit soo 65002:901
access-list 1 deny   10.1.8.1
access-list 1 deny   10.0.8.1
                          access-list 1 deny   10.1.2.1
access-list 1 deny   10.0.2.1
access-list 1 permit any
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
route-map rm-soo permit 10
set extcommunity soo 65002:901!
route-map rm-soo-action deny 10
match extcommunity 1
route-map rm-soo-action permit 20
match ip address 1
gatekeeper
shutdown
line con 0
exec-timeout 144 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
1.0.5.1 is Loopback0 of P3. It's a route-reflector for all PEs. I study.
And all what you see above - Dynamipses. Internet router - real Ubuntu server.

Static nat & public IP on inside interface.

Hello Guys,
I am facing some issue related to static nat please provide your replies. let me explain the scenario.
At site we have 4 cameras connected on switch and NVR (network video recorder) also connected on the same switch.
Locally at site we are able to access the four cameras via http/web and also through NVR software .
In order to access this cameras from remote location, we did static natting in router with pubic ip address for this cameras private IP address. Find nat table below.
At remote site/from internet when we are adding the cameras in NVR software using public IP address. Later automatically public IP address resolving into private IP address.
We are able to access cameras individually using http://<public ip address for camera> but when we try to add it in INVR software its changing public ip address to private.
Camera Name
Private IP address
Public IP address
Camera 1
192.168.1.3
xx. x8.23.115
Camera 2
192.168.1.4
xx.x8.23.116
Camera 3
192.168.1.5
xx.x8.23.117
Camera 4
192.168.1.6
xx.x8.23.118
Below is the configuration for the router. I am concerned about the public IP address which is assigned on internal/LAN interface instead of outisde interface by ISP. In other project i experienced Public IP address is at outside interface and private is at inside interface and we do static nat for inside to outside interface.
But here when i access the cameras through public IP individually its working but not when i am adding this public IP in NVR software. May be something is wrong with static.
interface GigabitEthernet0/0.1
encapsulation dot1Q 868
ip address 172.20.38.26 255.255.255.252
ip nat outside
ip virtual-reassembly in
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0 secondary
ip address 212.x.x.113 255.255.255.240 (its a public IP address)
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip nat inside source list 10 pool SLT overload
ip nat inside source static 192.168.1.3 x.x.23.115
ip nat inside source static 192.168.1.4 x.x.23.116
ip nat inside source static 192.168.1.5 x.x.23.117
ip nat inside source static 192.168.1.6 x.x.23.118
ip route 0.0.0.0 0.0.0.0 172.20.38.25
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat translation tcp-timeout 1000
ip nat translation udp-timeout 1000
ip nat pool SLT xx.xx.23.114 xx.xx.23.114 netmask 255.255.255.240
ip nat inside source list 10 pool SLT overload
Please advise on the above configuration. Your help in the above regard will be highly appreciated.
Many Thanks in Advance.

It is a bit odd to see the IPv4 address assigned this way. (Putting it on a Loopback would be a more elegant approach if the ISP is using private addresses for the WAN link.) But, there's nothing in here that would cause the NAT to fail. I suspect that the cameras are doing an HTTP redirect to their private IPv4 addresses at some point and this is causing your software to switch.
With this configuration, there's no reason why you can't just put the cameras directly on the public addresses and forego the NAT entirely. If there is a redirect going on, they will redirect to the correct IPv4 address and things will still work.

Cannot listen on public address

Hello,
I'm setting a Oracle Database inside an Amazon EC2 instance and I want it to be accessible from the outside. However, when I'm starting the listener, I've got this error :
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test-db)(PORT=1521)))
TNS-12543: TNS:destination host unreachable
TNS-12560: TNS:protocol adapter error
TNS-00513: Destination host unreachable
Linux Error: 113: No route to host
In my hosts file, I've added this line to correctly resolve the "test-db" host (x.x.x.x is the public IP of my EC2 instance). Pinging "test-db" does work properly
x.x.x.x test-db.fic-test-lab.com test-db
And finally, my listener.ora file looks like this:
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = test-db)(PORT = 1521))
SID_LIST_LISTENER=
(SID_LIST=
(SID_DESC=
(GLOBAL_DBNAME=orcl)
(ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1)
(SID_NAME=orcl)
If I change "test-db" to "127.0.0.1", everything works perfectly, but the database is obviously not accessible from the outside. I can't find what step I'm missing...
Thanks,
jtellier

damorgan - I'm simply trying to set up a database that would be publicly accessible. The database version is 11gR2.
It was my understanding that if the address specified in listener.ora was 127.0.0.1, the listener would only accept connections from localhost, not from the outside. And that's what seems to be happening for me.
Pradeepan - When starting the listener without any listener.ora, I've got this error:
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=test-db.fic-test-lab.com)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12543: TNS:destination host unreachable
TNS-12560: TNS:protocol adapter error
TNS-00513: Destination host unreachable
Linux Error: 113: No route to host
sb92075 - Yes, it would make sense... ifconfig shows that eth0 has a 10. address and it doesn't show any interface with the public address. After reading the page posted by jgarry regarding EC2 instances addressing, I understand that the public IP is only used by NAT and is not known by the OS. So yeah, the cause seems to be the OS...
jgarry - Yes, it's the same address.
So now, if I understand the problem correctly with the additional info in the page posted by jgarry, the problem is that I can't put the public address in my listener.ora file because the OS doesn't know about this address. On the other hand, if the listener listen on localhost, it wont accept connections from the outside. Does that make sense?
Thanks,
--jtellier

HT5590 Use caching server with multiple public Addresses?

According to the Apple documentation, to use the caching server, all clients need to share the same public address via nat. On my network with many macs, this would appear to make the caching service useless, as we have multiple public addresses to which our clients are nat'ed (a full class C, to be exact). Is there anyway around this restriction, or am I simply going to be unable to use what looks like it would be a highly usefull service?

Yes, the multiple internal/private subnets mapping to a single public IP is very common in the education/enterprise arena. It is the basic hub-spoke topology:
where all spokes connect to needed resources at the hub, and only the hub is connected to the Internet. In the case of K-12 education, we need to run a content filter (by Federal rules) on student Internet connectivity. The most efficient way to do that is to locate the filter (along with other servers and resources) at the hub and then route all Internet traffic through the hub. Each spoke (and the hub) is a different internal/private network subnet ... 10.65.x.x, 10.66.x.x, etc. In my case I have 3M from each spoke to the hub, and then 45M from the hub to the Internet.
In the "old" days ... pre 10.8 ... we had (and still have for some of our oler 10.4 computers) a software update server at each spoke, and computers at each spoke were configured (with the Apple software update script) to get their updates from the update server at their spoke ... iApps as well as OS apps. This worked perfectly!
Now that Apple, in their Orwellian attempt to monitor and control iApps, has introduced this "either-or" attitude about using a local update server OR caching server (but not giving you the option to get iApps from the local update server) they have really hurt schools like mine. Without being able to serve all updates locally on each spoke, updating becomes impossible when you are tryiing to udpate a lab full of computers, and the iApp alone is 1.2G for EACH computer ...and now it must come from the Internet since the caching server is 'broken.'
I currently have case open with Apple Enterprise Support, and will now also get my K-12 Apple Support Tech invloved. I will share this info with them. Perhaps there is some solution that I do not know about, or perhaps there will be a solution created by Apple for situations like mine. I can't see being the only one with this problem, I just think that I may be one of the first to notice it due to my limiited bandwith situation.
Thanks for your insight. Your original post got me thinking and enabled me to identify what *I* feel is the problem. I will keep this thread updated.
M:>

ACE - server accessing itself or other servers on public addresses

Hi All,
On the ACE, is there a way for a server to hit itself or other server within the same vlan on their public addresses?
Any help on this issue would be much appreciated.
Regards,
Nilesh

Hello Siva,
Thank you for your reply. We already have a setup in place where both(servers and clients) can hit the same VIP using SNAT.
We have about a 100 servers in the same vlan behind an ACE context with a NAT each. Each server should be able to access itself and the other 99 servers on their public ip. Does that mean that I will have to configure a 100 serverfarms with a rserver per serverfarm?
Regards,
Nilesh

Edge deployment using Public Addresses.

I find acquiring information on my particularly question difficult to find so I am posting here.
Microsoft technet discusses a suggested egde topology with single consolidated edge and Public Ip addresses.
From my understanding would be to assign the 3 public Ip addresses directly to the External facing NIC of the edge server.
SO this would mean that the external facing subnet of the DMZ would have to be a public assigned subnet. Therefor the Firewalls interface within this subnet would also have to be a public address.
I would like to ask if anyone has set this up on a cisco ASA before?
I understand its better to use NAT in a single server scenario. BUT. I see that when using the planning tool and create a NATed edge network, it asks for the Reverse Proxy to have a Public IP address. Which would mean that I would therefor need 2 External
DMZ subnet zones.
Can anyone clarify this for me?
Thanks.

Hi kinesm,
AS for your questions.
1. Which means that the Interface of the external firewall that sits within the DMZ would ALSO require a public IP address within that subnet.
It’s easy to understand. You need two Public IP addresses at least , one for Edge in DMZ(Recommend three IP addresses), one for Firewall. You should know if a server in DMZ, all the traffic
should through the firewall.
Also the two Public IP addresses should be in the same subnet.
For example:
222.222.222.222
255.255.255.248
222.222.222.223
255.255.255.248
(222.222.222.216 ~ 222.222.222.223 are in the same subnet)
2. Also why in the planning tool when I tell it I will be using NAT addresses, why does it assign a PUBLIC IP address for the Reverse Proxy?
It’s a TMG or ISA server with Reverse Proxy.
Best regards,
Eric

WLC 7.4.100 NAT IP Address field missing

Hi
I know that very few people have their wireless controllers on version 7.4.100. But has any one noticed that the NAT IP address field in the management interface configuration menu is missing?, although it is mentioned as being present in the WLC 7.4 configuration guide. This would definitely affect Office-Extend.
I just thought I ask before I raise the issue with Cisco TAC.

Hello Osita,
As per your query i can propose you the following solution-
Control which address(es) are sent in CAPWAP discovery responses when NAT is enabled on the Management Interface using the following command:
config network ap-discovery nat-ip-only {enable | disable}
where:
–enable— Enables use of NAT IP only in a discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
–disable—Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs are on the same controller.
For more information refer to the link-
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
Hope this will help.

Nat two identical services on interface Public Address

Hi all,
can i nat two internal address with same services on one public interface address?
I have an ASA 5515-X and i want to nat two services, tcp\80, on same ip public interface address:
object network Owa-Interno
host 10.0.1.4
object network Sito-Interno
host 10.0.1.8
nat (INSIDE,OUTSIDE) source static Owa-Interno interface service http http
nat (INSIDE,OUTSIDE) source static Sito-Interno interface service http http
object network INSIDE-LAN
nat (any,OUTSIDE) dynamic interface
Thanks in advance.
M

Hi Karsten,
thanks for reply, you confirmed that can not use.
Another question, with this configuration static nat and vpn should work correctly right:
interface GigabitEthernet0/1
nameif OUTSIDE
security-level 0
ip address 217.51.xxx.xxx 255.255.255.240
object network INSIDE-LAN
subnet 10.0.0.0 255.0.0.0
object network Owa-Interno
host 10.0.1.4
object network Sito-Interno
host 10.0.1.8
object network Rete_VpnAnyconnect
subnet 172.16.1.0 255.255.255.0
nat (INSIDE,OUTSIDE) source static Owa-Interno interface service https https
nat (INSIDE,OUTSIDE) source static Sito-Interno interface service http http
nat (INSIDE,OUTSIDE) source static INSIDE-LAN INSIDE-LAN destination static Rete_VpnAnyconnect Rete_VpnAnyconnect no-proxy-arp route-lookup
object network INSIDE-LAN
nat (any,OUTSIDE) dynamic interface
Thanks.
M

Change Lync 2013 Edge Server Natted public ip addresses

we changed public ip addresses for Lync 2013 edge. I changed only a/v edge service NAT-Enabled public ipv4 address to the new public ip address .
published the topology
run
Invoke-CsManagementStoreReplication command
restarted edge server.
what else to do to solve it ?
Error:
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.*****.com on port 5061.
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Hi,
Please re-run Step 2-Setup or Remove Lync Server Components after changing IP in topology.
Kent Huang
TechNet Community Support

NAT public /24 to private /24

Greetings,
I am looking for an easy way to NAT a public /24 to a private /24. Instead of me having to make NAT statements for each IP address it would be great if it was possible to do in one statement.
Is has to be one-to-one x.x.x.1 mapped to y.y.y.1, x.x.x.2 to y.y.y.2 etc.
Is this possible with ASA 5545 running 9.22, and how?
Regards
Kenneth

Hi Kenneth,
In ASA version 8.3+ you can use Auto NAT to achieve the desired results.
Create one object network for private subnet and one for public subnet. See example:
object network INSIDE
subnet 10.1.1.0 255.255.255.0
object network OUTSIDE
subnet 30.1.1.0 255.255.255.0
Then under the private subnet, define the nat statement.
object network INSIDE
subnet 10.1.1.0 255.255.255.0
nat (inside,outside) source static INSIDE OUTSIDE
HTH
"Please rate useful posts and mark the answer as correct if it solves your issue"

Using public address of backup internet

I have a public ip address that I want to Nat, however it belong to the backup internet which is on standby for failover, the primary internet I dont have public static ip address, can I use the backup internet static ip address to do 1 to 1 Nat for outsider to get into my server.??

Do you own your public IPs and advertise them to the ISPs or are the public IPs ones that the ISPs allocated to you and you don't advertise any public IPs to either ISP.
I suspect it is the second one ie. you were allocated them and if so then what you are trying to do won't work as far as I know.
The issue is the public IP you are trying to use was allocated to you by the backup ISP. They own this IP and are responsible for advertising it to the rest of the internet (as part of a larger range).
The primary provider does not own this IP ie. it is not part of their public IP address space so they don't advertise it to the internet.
This means all traffic to that public IP will come via the backup ISP.
The primary provider won't advertise out a single public IP that they don't own for you so you really only have a couple of choices -
1) use static PAT for the server if you only need access from the internet on certain ports. I'm assuming you have at least one public IP from the primary provider allocated to an interface on a router/firewall that you administer
2) if you can't use static PAT then you need to purchase some more public IPs from your primary provider.
There are no other solutions I am aware of.
Jon

On UPnP and NAT (Network Address Translation)

Why UPnP is an often asked Question.
This article goes a long way to say why.
A couple of Quotes
*What is UPnP?*
Universal Plug and Play (UPnP) is an architecture for pervasive peer-to-peer network connectivity of PCs and intelligent devices or appliances, particularly within the home. UPnP builds on Internet standards and technologies, such as TCP/IP, HTTP, and XML, to enable these devices to automatically connect with one another and work together to make networking - particularly home networking - possible for more people.
*Are there other ways to solve the problem of NAT traversal? If so, why is using UPnP the best choice?*
Yes, there are other ways to solve this problem, but no other mechanism currently exists as an industry standard to address this problem in an automatic way for the consumer and in such a universally-applicable way for the developer.
Simply Automated Starter Package
Other approaches require either manual intervention by the user or they require special development efforts by the Internet gateway device vendor and the software developer to handle the NAT traversal needs of specific applications. As a result, UPnP is uniquely able to solve this important problem.
*Consumer does the work.* The manual intervention methods of NAT traversal require a consumer to use a browser, a graphical user interface-based tool on the PC, or a command line interface tool on the PC to change some settings on the Internet gateway device in the home. While some technical enthusiast users have little difficulty with this, many consumers do not feel comfortable doing this. Further, many consumers may not even realize that NAT traversal problems are interfering with their use of services across the Internet. _The user may be attempting to play a multi-player game or engage in some other peer-to-peer service but find he or she cannot connect for some reason._ This leads to troubleshooting, support calls, customer dissatisfaction, and reluctance on the part of the user to try new services or experiences in the future.
*Developer does the work.* To avoid requiring the consumer to solve this NAT traversal problem manually, some Internet gateway device vendors have written and included application layer gateway support into their devices. This application layer gateway software is designed with specific applications in mind. In other words, the device vendor writes and tests specific code that will automatically enable one application to go through the NAT. If the application software is updated, the application layer code the device vendor wrote may have to be updated and tested again. This one-at-a-time way of chasing the NAT traversal problem is manageable for device vendors when there are only a few peer-to-peer or relevant applications to consider, but this approach does not scale well to 100s or 1000s of applications, can be very expensive to pursue, and likely requires specific knowledge of how each of these applications function. The better way to approach this problem is to have the device vendor add software or firmware to their device once to understand UPnP and have other devices and software be able to communicate with the NAT device using this same technology. UPnP is uniquely able to fulfill this role today.
I have underlined a passage in the last.
I hope this helps in some way.
6:58 PM Tuesday; January 1, 2008

          Look for bindAddr in the weblogic.properties doc.
          weblogic.system.bindAddr
          You can use a dns name instead of an ip address
          Mike
          David Chen <[email protected]> wrote:
          >We are planning to add a client that needs to access our weblogic cluster
          >through firewalls with IP address translation. According to the WebLogic
          >(5.1) documentation, this could be done by opening port 7001 in the
          >firewalls, and BIND WebLogic SERVER INSTANCES TO DNS NAMES. Does anyone
          >know how to bind WebLogic server instances to DNS names? Should it be
          >done in weblogic.properties?Thanks in advance,David [email protected]

TNS Return inside NAT IP address and not outside NAT

When trying to connect from outside of our network using the tnsnames.ora file under $ORACLE_HOME/network/admin, TNS protocol returns the inside NAT and not the outside NAT ( Network adress translation ) , causing the session to time out ( TNS no listener ), since the transaction is addressed to the inside interface and not the outside.
NAT is done at the router level , CISCO 6509.
Is there any solution for htis problem. When using HTTP protocol at the application level, this does not seem to happen

Sambacho,
Did you ever resolve this issue or did anyone provide you with a potential solutions.
Sincerely,
--Jim

Natting 2 addresses

Is it possible for my router to pat 2 internet addresses given by my isp, would I need to have say both ip's either on one or 2 interfaces ?

You could use access-lists on your nat statements stating nat portion1 of internal address space to ISP address 1 and portion2 of internal address space to ISP address 2
HTH

NAT Public Addresses to diffrent VRFs

Similar Messages

Maybe you are looking for