NAT and GRE Tunnel

Unanswered Question
Aug 29th, 2007

I have four router (See Visio diagram attached)

Router A, B, C and D. On router B i have interfaces Gi0/1 which is configured as "ip nat inside" while the Multilink 1 is configured as "ip nat outside", GRE Tunnel 0 is configured with NO NAT.

The Senerio

I want to route RFC1918 IPs between Routers A and D via the Tunnel 0

I am doing NAT on Router B to get to the LAN with a rouable IP addresses.

Success

When traffic flows between LAN Public IP

(Non-RFC1918 Routable) and WAN RFC1918 NAT Translate OK

Problem

From Router D when LAN RFC1918 route traffic thru the Tunnel 0 to Router B I do not want NAT to take place on the Multilink 1. I want real IP address to route through however NAT take plase too.

Question

Knowing that i do Static NAT on Multilink1 How do i allow NAT from LAN

Public IP (Non-RFC1918 Routable) to WAN

RFC1918 10.10.10.10 and also not allow NAT to 10.10.10.10 if traffic originated from LAN RFC1918 via the Tunnel0

Thanks

Adeolu

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
bwalchez Tue, 09/04/2007 - 12:07

To add GRE to a working IPSec configuration, follow these steps.

Remove the crypto map from the interface.

Create the tunnel interfaces.

int tunnel

ip address private_ip subnet_mask

tunnel source outside_interface_name

tunnel destination peer_address

Modify the crypto access list as shown below.

access-list acl_name permit gre host tunnel_source_ip host peer_address

Use routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.

Reapply the crypto map to the physical interface and the tunnel interface.

Actions

Login or Register to take actions

This Discussion

Posted August 29, 2007 at 3:24 PM
Stats:
Replies:1 Avg. Rating:
Views:522 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard