I have a Cisco router that uses a VRF to support a site-to-site VPN tunnel. I added a second network to the router for standard non-VPN internet. My problem is that my default static route does not show up in the non-VRF routing table, and none of the devices that get DHCP from the router show NAT translations or get internet. The router configuration and routing tables are below.

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
boot-start-marker
boot system flash c800-universalk9-mz.SPA.154-3.M5.bin
boot-end-marker
aqm-register-fnf
vrf definition INTERNET
 address-family ipv4
 exit-address-family
ip dhcp excluded-address 192.168.92.1 192.168.92.9
ip dhcp pool TSC_INET
 network 192.168.92.0 255.255.255.0
 default-router 192.168.92.1
 dns-server 8.8.8.8 8.8.4.4
 lease 8
ip cef
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
license udi pid C892FSP-K9 sn FCZ190594MQ
no crypto ikev2 authorization policy default
no crypto ikev2 proposal default
no crypto ikev2 policy default
crypto keyring TSC-VPN1 vrf INTERNET
 pre-shared-key address 198.140.189.108 key *****************
crypto logging session
no crypto isakmp default policy
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 10
crypto isakmp profile TSC-VPN1
 keyring TSC-VPN1
 self-identity address
 match identity address 198.140.189.108 255.255.255.255
 match identity address 198.140.189.108 255.255.255.255 INTERNET
 local-address GigabitEthernet9
no crypto ipsec transform-set default
crypto ipsec transform-set ESP-AES-256-SHA256-HMAC esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile TSC-VPN1
 set transform-set ESP-AES-256-SHA256-HMAC
 set pfs group14
no crypto ipsec profile default
interface Tunnel1
 description TSC-VPN1 Tunnel
 ip address 100.70.8.1 255.255.255.254
 ip tcp adjust-mss 1350
 tunnel source 50.220.76.154
 tunnel mode ipsec ipv4
 tunnel destination 198.140.189.108
 tunnel vrf INTERNET
 tunnel protection ipsec profile TSC-VPN1
interface GigabitEthernet0
 no ip address
interface GigabitEthernet1
 no ip address
interface GigabitEthernet2
 no ip address
interface GigabitEthernet3
 no ip address
interface GigabitEthernet4
 no ip address
interface GigabitEthernet5
 no ip address
interface GigabitEthernet6
 no ip address
interface GigabitEthernet7
 no ip address
interface GigabitEthernet8
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet8.10
 encapsulation dot1Q 10
 ip address 192.168.10.2 255.255.255.0
interface GigabitEthernet8.91
 encapsulation dot1Q 91
 ip address 100.70.11.1 255.255.255.0
 ip virtual-reassembly in
interface GigabitEthernet8.92
 encapsulation dot1Q 92
 ip address 192.168.92.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
interface GigabitEthernet9
 vrf forwarding INTERNET
 ip address 50.220.76.154 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface Vlan1
 no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list NAT interface GigabitEthernet9 overload
ip route 0.0.0.0 0.0.0.0 50.220.76.153
ip route 100.70.9.0 255.255.255.0 100.70.8.0
ip route 100.70.10.0 255.255.255.0 100.70.8.0
ip route 172.16.32.0 255.255.255.0 100.70.8.0
ip route 172.16.64.0 255.255.255.0 100.70.8.0
ip route 172.16.85.0 255.255.255.0 100.70.8.0
ip route 172.16.99.0 255.255.255.0 100.70.8.0
ip route 172.17.33.0 255.255.255.0 100.70.8.0
ip route 172.17.99.80 255.255.255.255 100.70.8.0
ip route vrf INTERNET 0.0.0.0 0.0.0.0 50.220.76.153
ip ssh version 2
ip access-list standard NAT
 permit 192.168.92.0 255.255.255.0
control-plane
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
mgcp profile default
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 logging synchronous
 transport input ssh
scheduler allocate 20000 1000

#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      100.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C        100.70.8.0/31 is directly connected, Tunnel1
L        100.70.8.1/32 is directly connected, Tunnel1
S        100.70.9.0/24 [1/0] via 100.70.8.0
S        100.70.10.0/24 [1/0] via 100.70.8.0
C        100.70.11.0/24 is directly connected, GigabitEthernet8.91
L        100.70.11.1/32 is directly connected, GigabitEthernet8.91
      172.16.0.0/24 is subnetted, 4 subnets
S        172.16.32.0 [1/0] via 100.70.8.0
S        172.16.64.0 [1/0] via 100.70.8.0
S        172.16.85.0 [1/0] via 100.70.8.0
S        172.16.99.0 [1/0] via 100.70.8.0
      172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
S        172.17.33.0/24 [1/0] via 100.70.8.0
S        172.17.99.80/32 [1/0] via 100.70.8.0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet8.10
L        192.168.10.2/32 is directly connected, GigabitEthernet8.10

#sh ip route vrf INTERNET
Routing Table: INTERNET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 50.220.76.153 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 50.220.76.153
      50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        50.220.76.152/29 is directly connected, GigabitEthernet9
L        50.220.76.154/32 is directly connected, GigabitEthernet9
#
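
An added example, not part of the original post: IOS installs a static route only when its next hop resolves in the same routing table, and this Python sketch checks the simplest case of that over an excerpt of the posted configuration, flagging static routes whose next hop is not on a connected subnet of their own table (global or VRF). The function names and the "global" label are assumptions of the sketch, and recursive resolution through other routes is not modeled.

```python
import ipaddress
import re

# Excerpt of the configuration posted above: addressed interfaces and static routes.
CONFIG = """\
interface Tunnel1
 ip address 100.70.8.1 255.255.255.254
interface GigabitEthernet8.92
 ip address 192.168.92.1 255.255.255.0
interface GigabitEthernet9
 vrf forwarding INTERNET
 ip address 50.220.76.154 255.255.255.248
ip route 0.0.0.0 0.0.0.0 50.220.76.153
ip route 100.70.9.0 255.255.255.0 100.70.8.0
ip route vrf INTERNET 0.0.0.0 0.0.0.0 50.220.76.153
"""
GLOBAL = "global"  # label used in this sketch for the non-VRF routing table
ROUTE = re.compile(r"ip route (?:vrf (\S+) )?(\S+) (\S+) (\d+\.\d+\.\d+\.\d+)$")

def connected_networks(config):
    """Map each routing table (VRF name or GLOBAL) to its connected subnets."""
    tables, vrf = {}, GLOBAL
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            vrf = GLOBAL  # every interface is in the global table until told otherwise
        elif line.startswith("vrf forwarding "):
            vrf = line.split()[2]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            tables.setdefault(vrf, []).append(net)
    return tables

def unresolved_static_routes(config):
    """Return (table, prefix, next_hop) for each static route whose next hop
    is not on a connected subnet of the table the route belongs to."""
    tables, unresolved = connected_networks(config), []
    for line in config.splitlines():
        m = ROUTE.match(line.strip())
        if not m:
            continue
        table, hop = m[1] or GLOBAL, ipaddress.ip_address(m[4])
        if not any(hop in net for net in tables.get(table, [])):
            prefix = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            unresolved.append((table, str(prefix), str(hop)))
    return unresolved

if __name__ == "__main__":
    for table, prefix, hop in unresolved_static_routes(CONFIG):
        print(f"{table}: {prefix} via {hop} has no connected path to its next hop")
```

On this excerpt the only route flagged is the global default route: its next hop 50.220.76.153 sits on 50.220.76.152/29, which is connected only in VRF INTERNET, matching the "Gateway of last resort is not set" line in the global table.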