NAT and GRE Tunnel

Unanswered Question
Aug 29th, 2007

I have four routers (see Visio diagram attached)


Router A, B, C and D. On router B I have interface Gi0/1, which is configured as "ip nat inside", while Multilink 1 is configured as "ip nat outside". GRE Tunnel 0 is configured with NO NAT.


The Scenario

I want to route RFC1918 IPs between Routers A and D via Tunnel 0.


I am doing NAT on Router B to get to the LAN with routable IP addresses.


Success

When traffic flows between LAN Public IP (Non-RFC1918 Routable) and WAN RFC1918, NAT translates OK.


Problem

From Router D, when LAN RFC1918 traffic is routed through Tunnel 0 to Router B, I do not want NAT to take place on Multilink 1. I want the real IP address to route through; however, NAT takes place too.


Question

Knowing that I do static NAT on Multilink1, how do I allow NAT from LAN Public IP (Non-RFC1918 Routable) to WAN RFC1918 10.10.10.10, and also not allow NAT to 10.10.10.10 if traffic originated from LAN RFC1918 via Tunnel0?


Thanks

Adeolu




bwalchez Tue, 09/04/2007 - 12:07

To add GRE to a working IPSec configuration, follow these steps.


Remove the crypto map from the interface.


Create the tunnel interfaces.


int tunnel
 ip address private_ip subnet_mask
 tunnel source outside_interface_name
 tunnel destination peer_address

Modify the crypto access list as shown below.


access-list acl_name permit gre host tunnel_source_ip host peer_address

Use a routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.


Reapply the crypto map to the physical interface and the tunnel interface.
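
An added example, not part of the reply above and not Cisco tooling: a small Python check that reads a router configuration and verifies the steps listed in the reply agree with each other (crypto ACL permits GRE between the tunnel source IP and the peer, crypto map present on both the physical and tunnel interfaces, a static route via the tunnel). The interface names, ACL number, crypto map name and addresses in the sample are constructed.

```python
import re

# Constructed sample config (documentation-range addresses), not from the thread.
SAMPLE = """\
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 crypto map VPNMAP
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 203.0.113.2
 crypto map VPNMAP
access-list 110 permit gre host 198.51.100.1 host 203.0.113.2
ip route 192.168.20.0 255.255.255.0 Tunnel0
"""

def parse_interfaces(cfg):
    """Map each interface name to the list of its indented sub-commands."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return ifaces

def audit(cfg):
    """Return findings for each tunnel; an empty list means the steps line up."""
    ifaces, findings = parse_interfaces(cfg), []
    acl_lines = [l for l in cfg.splitlines() if l.startswith("access-list ")]
    for name, cmds in ifaces.items():
        if not name.lower().startswith("tunnel"):
            continue
        opts = dict(c.rsplit(" ", 1) for c in cmds if c.startswith("tunnel "))
        src_if, dst = opts.get("tunnel source"), opts.get("tunnel destination")
        src_cmds = ifaces.get(src_if, [])
        src_ip = next((c.split()[2] for c in src_cmds if c.startswith("ip address ")), None)
        want = f"permit gre host {src_ip} host {dst}"
        if not any(want in l for l in acl_lines):
            findings.append(f"{name}: no ACL entry '{want}'")
        for iface, sub in ((name, cmds), (src_if, src_cmds)):
            if not any(x.startswith("crypto map ") for x in sub):
                findings.append(f"{iface}: crypto map not applied")
        if not re.search(rf"^ip route \S+ \S+ {re.escape(name)}\b", cfg, re.M):
            findings.append(f"{name}: no static route via tunnel (needs a routing protocol)")
    return findings
```

Calling `audit(SAMPLE)` returns an empty list; the check looks at any numbered access-list line rather than only the one the crypto map references.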
