Two way NAT and GRE

Unanswered Question
Mar 14th, 2007

I'm replacing a Cisco 4500 running IOS 12.1(22c) by a Cisco 2801 with IOS 12.4(1c) with (as much as possible) same configuration. All works fine except a GRE-tunnel that is traversing the router.

Debug of 4500 that works correct:

Mar 14 21:04:47.514: NAT: o: gre (192.168.15.250, 0) -> (206.122.181.69, 0) [11338]

Mar 14 21:04:47.514: NAT: s=192.168.15.250->10.18.0.61, d=206.122.181.69 [11338]

Mar 14 21:04:47.514: NAT: s=10.18.0.61, d=206.122.181.69->192.168.131.30 [11338]

Debug of failing session on 2801 shows:

*Mar 14 19:50:05.778: NAT*: o: gre (192.168.15.250, 0) -> (206.122.181.69, 0) [7805]

*Mar 14 19:50:05.778: NAT*: o: gre (192.168.15.250, 0) -> (206.122.181.69, 0) [7805]

*Mar 14 19:50:05.778: NAT*: s=192.168.15.250->10.18.0.61, d=206.122.181.69 [7805]

*Mar 14 19:50:05.778: NAT*: s=10.18.0.61, d=206.122.181.69->0.0.0.0 [7805]

Any useful suggestion is appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 03/15/2007 - 01:54

Hi

It looks like one of your nat translations is not working / missing ?

It's difficult to be precise without knowing your topolgy but you should have something like this on your 2800

ip nat inside source static 192.168.131.30 206.122.181.69

ip nat outside source static 192.168.15.250 10.18.0.61

The destination address of 206.122.181.69 is not getting translated.

Could you recheck your NAT statements.

If there is still nothing obvious could you post the relevant lines of config and the output of a "sh ip nat translations" after trying to send traffic.

HTH

Jon

kpeereboom Mon, 03/19/2007 - 08:48

Hi Jon,

thanks for your reply. I will attach the config of the router, which is almost identical (a had to make some changes because of different hardware) to the config of the 4500, where this worked.

Unfortunately I am not able to retrieve the result of the sh ip nat translations commands that I did during the test. I had to disconnect the router after the unsuccessful migration, but I did attach the result of a "sh ip nat tran" in a disconnectes state.

I hope this can be of use.

Attachment: 

Actions

This Discussion