GRE Tunnel & NAT

Answered Question
Sep 18th, 2008
User Badges:

Hi,


I've setup 2 test routers with a GRE tunnel which is working fine in the test setup. My question is when I transfer this config to a live setup how would I exempt the traffic over the GRE tunnel from being natted? Everything else i.e. traffic destined for the internet should be patted to the outside interface. Would I need a route-map for this?


Thanks


R1

--

interface Tunnel0

ip address 192.168.200.2 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.1

crypto map mymap



interface FastEthernet0

Description Outside Interface

ip address 1.1.1.2 255.255.255.0

speed auto

crypto map mymap



R2

--


interface Tunnel1

ip address 192.168.200.1 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.2

crypto map mymap


interface FastEthernet0

Description Outside Interface

ip address 1.1.1.1 255.255.255.0

speed auto

crypto map mymap




Correct Answer by singhsaju about 8 years 9 months ago

Yes you are correct.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
singhsaju Thu, 09/18/2008 - 09:08
User Badges:
  • Silver, 250 points or more

Hi,


Since there is no "ip nat inside" on the Tunnel interfaces , the traffic going through GRE tunnel will not be NATted . You do not have to bypass NAT in this case.


HTH

Saju

Pls rate helpful posts

alraycisco Thu, 09/18/2008 - 09:18
User Badges:

Just to clarify, I can configure the inside and the outside interface for NAT and have no NAT statement on the Tunnel interface, which will cause internet bound traffic to be patted and traffic bound for the GRE tunnel to not be natted?


interface Tunnel1

ip address 192.168.200.1 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.2

crypto map mymap


interface FastEthernet0

Description Outside Interface

ip address 1.1.1.1 255.255.255.0

speed auto

crypto map mymap

ip nat outside


Interface Ethernet 0

Description Inside Interface

ip nat Inside


Thanks

Correct Answer
singhsaju Thu, 09/18/2008 - 09:33
User Badges:
  • Silver, 250 points or more

Yes you are correct.

Actions

This Discussion