Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
5
Helpful
3
Replies

nat and tunnel

leungcm
Level 1
Level 1

‎06-30-2007 01:36 AM - edited ‎03-03-2019 05:40 PM

Hi,

We would like to config following:

1. setup tunnel in between R1 and R2

2. R1 is "ip nat inside" and R2 is "ip nat oustde"

3. I would like all users to access "66.x.x.2" this server, it must go to tunnel and through R2, R3 to outside internet to 66.x.x.2

following is the config. however, it does not work. what is missing? detail please refer attached file. please advice

Best regards

---- config

R1

!

interface Tunnel 1

ip address 172.16.1.1 255.255.255.252

ip nat inside

tunnel source 192.168.1.1

tunnel destination 192.168.10.1

!

ip route 66.x.x.2 255.255.255.255 172.16.0.2

!

--------

R2

!

interface FastEthernet0

ip address 64.x.x.1 255.255.255.240

ip nat outside

crypto map mymap ! had already had vpn

!

interface FastEthernet1

ip address 192.168.10.1 255.255.255.0

ip nat inside

!

interface Tunnel 1

ip address 172.16.1.2 255.255.255.252

ip nat outside

tunnel source 192.168.10.1

tunnel destination 192.168.1.1

!

ip nat pool test 64.1.1.1 64.1.1.1 netmask 255.255.255.240

ip nat inside source list 10 pool test overload

!

ip nat inside source list 20 interface tunnel 1 overload

!

access-list 20 permit 172.16.1.0 0.0.0.255

access-list 10 permit 192.168.10.0 0.0.0.255

Labels:
Preview file
156 KB
0 Helpful
3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-30-2007 05:46 AM

Hello,

in practice R2 will do nat for users behind R1 as well, but only when R2 routes to R1 over tunnle, based on destination. Then:

- no "ip nat" statements on R1 are necessary.

- add "access-list 10 permit 192.168.1.0 0.0.0.255" to R2

- tunnel 1 should be NAT inside, not outside.

- remove "ip nat inside source list 20 interface tunnel 1 overload"

- use static routes or routing protocol

- all this assumes that you have already connectivity between 192.168.1 and .10 by some means not specified in the diagram.

between R1, R2 and R2 so that each one knows how to reach connected networks and you can ping from/to everywhere.

That should do it.

Hope this helps, please rate post if it does!

leungcm
Level 1
Level 1
In response to paolo bevilacqua

‎07-01-2007 08:22 AM

Hi,

Thank you very much. It is working.

Best regards

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to leungcm

‎07-01-2007 03:43 PM

Good job, considering that my post even got messed up by cut and paste editing.

Thanks for the nice rating and good luck!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card