NAT and GRE Tunnel

Aug 29th, 2007

I have four routers (see Visio diagram attached).

Routers A, B, C and D. On router B I have interface Gi0/1, which is configured as "ip nat inside", while Multilink 1 is configured as "ip nat outside". GRE Tunnel 0 is configured with NO NAT.

The Scenario

I want to route RFC1918 IPs between Routers A and D via the Tunnel 0

I am doing NAT on Router B to get to the LAN with routable IP addresses.


When traffic flows between LAN Public IP (Non-RFC1918 Routable) and WAN RFC1918, NAT translates OK.


From Router D, when LAN RFC1918 traffic is routed through Tunnel 0 to Router B, I do not want NAT to take place on Multilink 1. I want the real IP address to route through; however, NAT takes place too.


Knowing that I do static NAT on Multilink1, how do I allow NAT from LAN Public IP (Non-RFC1918 Routable) to WAN RFC1918 and also not allow NAT if traffic originated from LAN RFC1918 via Tunnel0?



bwalchez Tue, 09/04/2007 - 12:07

To add GRE to a working IPSec configuration, follow these steps.

Remove the crypto map from the interface.

Create the tunnel interfaces.

int tunnel

ip address private_ip subnet_mask

tunnel source outside_interface_name

tunnel destination peer_address

Modify the crypto access list as shown below.

access-list acl_name permit gre host tunnel_source_ip host peer_address

Use a routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.

Reapply the crypto map to the physical interface and the tunnel interface.

