
NAT and GRE Tunnel

sanyaolu
Level 1

I have four routers (see Visio diagram attached).

Routers A, B, C and D. On Router B I have interface Gi0/1, which is configured as "ip nat inside", while Multilink 1 is configured as "ip nat outside". GRE Tunnel 0 is configured with NO NAT.

The Scenario

I want to route RFC1918 IPs between Routers A and D via Tunnel 0.

I am doing NAT on Router B to get to the LAN with routable IP addresses.

Success

When traffic flows between LAN public IP (non-RFC1918 routable) and WAN RFC1918, NAT translates OK.

Problem

From Router D, when LAN RFC1918 traffic is routed through Tunnel 0 to Router B, I do not want NAT to take place on Multilink 1. I want the real IP address to route through; however, NAT takes place too.

Question

Knowing that I do static NAT on Multilink1, how do I allow NAT from LAN public IP (non-RFC1918 routable) to WAN RFC1918 10.10.10.10, and also not allow NAT to 10.10.10.10 if traffic originated from LAN RFC1918 via Tunnel0?

Thanks

Adeolu

1 Reply

bwalchez
Level 4

To add GRE to a working IPSec configuration, follow these steps.

Remove the crypto map from the interface.

Create the tunnel interfaces.

int tunnel
ip address private_ip subnet_mask
tunnel source outside_interface_name
tunnel destination peer_address

Modify the crypto access list as shown below.

access-list acl_name permit gre host tunnel_source_ip host peer_address

Use routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.

Reapply the crypto map to the physical interface and the tunnel interface.
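The steps in the reply above, written out in order as one IOS configuration for a single side of the tunnel. This is an added example, not part of the original reply: it assumes an existing IPsec configuration whose crypto map is named VPNMAP and references access list 110, and the interface Serial0/0, the tunnel number and all addresses are constructed for illustration.

```cisco
! Constructed values: local outside address 198.51.100.1 on Serial0/0,
! peer 203.0.113.1, remote LAN 192.168.20.0/24, crypto map VPNMAP (assumed to exist).
!
! Step 1: remove the crypto map from the physical interface
interface Serial0/0
 no crypto map VPNMAP
!
! Step 2: create the tunnel interface with a private address
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 203.0.113.1
!
! Step 3: replace the crypto access list so it matches only the GRE
! packets exchanged between the two tunnel endpoints
no access-list 110
access-list 110 permit gre host 198.51.100.1 host 203.0.113.1
!
! Step 4: send the remote LAN through the tunnel (a routing protocol
! running over Tunnel0 can be used instead of the static route)
ip route 192.168.20.0 255.255.255.0 Tunnel0
!
! Step 5: reapply the crypto map to the physical and tunnel interfaces
interface Serial0/0
 crypto map VPNMAP
interface Tunnel0
 crypto map VPNMAP
```

The peer needs the mirror image of this configuration, with source and destination swapped in the tunnel and in the access list. `show crypto ipsec sa` and `show interface Tunnel0` confirm that GRE packets are being encrypted and that the tunnel is up.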
