Inter-VRF NAT in DMVPN Deployments
One of my users couldn’t get the inter-VRF NAT to work after watching the DMVPN webinars (no real surprise there, the VRF lite concept is covered in more details in the Enterprise MPLS/VPN webinar) so I decided to write a short document describing the details.
If the global is default free, what would be the use case for having front vrf. Seems to me that in this case we are splitting the network in separate vrfs just to join those vrfs later with NAT.
Still this is definitely very useful if you have multiple VRFs on customer side - you can provide direct internet connectivity to all of them.
One of the scenarios would be two DMVPN tunnels on two Internet uplinks. If you want to make sure traffic from each tunnel uses its own uplink, two front VRFs are the only solution that work(ed?).
Also, it seems IWAN uses the same approach (makes things consistent regardless of what you're doing on top of DMVPN).
Sure it has, Cisco just makes you jump through hoops in order to make it work.
Darren has an excellent post about this functionality.