This guide shows the simplest way to route between 2 VRFs on a Cisco router. I didn’t invent this method; someone showed it to me.
Here’s the GNS3 project + images if you want to follow along.
Essentially IOU1 is the client with 192.168.1.1, and the default gateway is IOU2. IOU2 PATs outbound via the WAN link, which is in a WAN VRF. IOU2 has a static route in the global routing table pointing to 126.96.36.199, and the return traffic has a route-map applied to make sure it uses the global RIB.
So when IOU1 pings 188.8.131.52, the packet is sourced from 192.168.1.1. When it reaches IOU2, it enters on the default (global) VRF. The static route there specifies both the exit interface and the next-hop IP, which allows the default route to work even though e0/1 is in the WAN VRF. Finally, the return traffic (after being NAT’d) matches the PBR route-map, which says to use the global RIB instead of the WAN VRF.
IOU1:

    R1#sh run int e0/0
    Building configuration...
    Current configuration : 67 bytes
    !
    interface Ethernet0/0
     ip address 192.168.1.2 255.255.255.0
    end
    R1#sh run | i route
    ip route 0.0.0.0 0.0.0.0 192.168.1.1

IOU2:

    R2#sh run int e0/0
    Building configuration...
    Current configuration : 108 bytes
    !
    interface Ethernet0/0
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    end
    R2#sh run int e0/1
    Building configuration...
    Current configuration : 152 bytes
    !
    interface Ethernet0/1
     vrf forwarding WAN
     ip address 184.108.40.206 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     ip policy route-map PBR
    end
    R2#show run | i ip nat inside
     ip nat inside
    ip nat inside source list 1 interface Ethernet0/1 overload
    R2#show run | i access-list 101
    access-list 101 permit ip any 192.168.1.0 0.0.0.255
    R2#show run | i route
    ip route 0.0.0.0 0.0.0.0 Ethernet0/1 220.127.116.11
    ip route vrf WAN 0.0.0.0 0.0.0.0 18.104.22.168
    R2#show run | s route-map
    route-map PBR permit 10
     match ip address 101
     set global

IOU3:

    R3#show run int e0/1
    Building configuration...
    Current configuration : 65 bytes
    !
    interface Ethernet0/1
     ip address 22.214.171.124 255.255.255.252
    end
    R3#sh run int lo0
    Building configuration...
    Current configuration : 63 bytes
    !
    interface Loopback0
     ip address 126.96.36.199 255.255.255.255
    end
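
Because this setup deliberately crosses the VRF boundary in two places on IOU2 (the global static route out of a VRF interface, and the `set global` route-map on that interface), it helps to be able to find such crossings when reviewing a config. The script below is an added example, not part of the original post: the function name `find_vrf_leaks` is hypothetical, the sample input is constructed from the R2 lines shown above, and it assumes running-config text with full interface names.

```python
# Constructed input: R2's lines from the page, assembled into one running-config.
SAMPLE = """\
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/1
 vrf forwarding WAN
 ip address 184.108.40.206 255.255.255.252
 ip nat outside
 ip policy route-map PBR
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 220.127.116.11
ip route vrf WAN 0.0.0.0 0.0.0.0 18.104.22.168
!
route-map PBR permit 10
 match ip address 101
 set global
"""


def find_vrf_leaks(config):
    """Return (kind, interface, vrf) for each point where the VRF boundary is crossed."""
    iface_vrf, iface_pbr, global_maps, exit_ifaces = {}, {}, set(), []
    section = []  # words of the current top-level config line
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            section = words
            # Global-table static: ip route <prefix> <mask> <exit interface | next hop> ...
            if words[:2] == ["ip", "route"] and len(words) > 4 and words[2] != "vrf":
                exit_ifaces.append(words[4])
        elif len(section) > 1 and section[0] == "interface":
            # Matches both "vrf forwarding X" and the older "ip vrf forwarding X".
            if words[-2:-1] == ["forwarding"] and "vrf" in words[:2]:
                iface_vrf[section[1]] = words[-1]
            elif words[:3] == ["ip", "policy", "route-map"] and len(words) > 3:
                iface_pbr[section[1]] = words[3]
        elif len(section) > 1 and section[0] == "route-map" and words == ["set", "global"]:
            global_maps.add(section[1])
    findings = set()
    for ifc in exit_ifaces:  # global route that exits through a VRF interface
        if ifc in iface_vrf:
            findings.add(("global-route-into-vrf", ifc, iface_vrf[ifc]))
    for ifc, rmap in iface_pbr.items():  # VRF ingress policy-routed into the global table
        if ifc in iface_vrf and rmap in global_maps:
            findings.add(("pbr-set-global", ifc, iface_vrf[ifc]))
    return sorted(findings)
```

Each finding is a place where the ACL referenced by the route-map (101 here) and the NAT rule are the only things limiting what passes between the WAN VRF and the global table, so those are the lines to review for scope.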