06-23-2009 09:38 PM - edited 03-04-2019 05:13 AM
Hi...
My config for C3640
All IP addresses have been invented...
------------sh run---------
!
interface Tunnel2
 ip address 10.10.12.2 255.255.255.252
 ip route-cache flow
 ip tcp adjust-mss 1400
 keepalive 10 3
 tunnel source 192.168.10.250
 tunnel destination 192.168.122.248
!
interface Tunnel3
 ip address 10.10.12.6 255.255.255.252
 ip route-cache flow
 ip tcp adjust-mss 1400
 keepalive 10 3
 tunnel source 192.168.10.250
 tunnel destination 192.168.123.247
!
interface Tunnel4
 ip address 10.0.1.9 255.255.255.252
 ip access-group FDSin_acl in
 ip access-group FDSout_acl out
 tunnel source 195.148.134.29
 tunnel destination 191.22.2.7
!
interface FastEthernet3/0
 no ip address
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
 hold-queue 4096 in
 hold-queue 4096 out
!
interface FastEthernet3/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.250 255.255.255.0
 no ip proxy-arp
 no cdp enable
!
interface FastEthernet3/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.250 255.255.255.0
 no ip proxy-arp
 ip virtual-reassembly
 no cdp enable
!
interface FastEthernet3/0.84
 encapsulation dot1Q 84
 ip address 195.148.134.29 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 no cdp enable
 crypto map EXT_map
!
interface Serial3/1:15
 no ip address
 encapsulation hdlc
 isdn switch-type primary-net5
 isdn incoming-voice modem
 isdn sending-complete
 no cdp enable
!
interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer in-band
 dialer idle-timeout 3600 either
 dialer-group 1
 async mode dedicated
 peer default ip address pool dialin
 ppp authentication chap callin PPP_AUTH
 group-range 65 94
 crypto map EXT_map
!
ip local pool dialin 10.100.100.1 10.100.100.31
!
ip nat pool dialout_nat 195.148.134.19 195.148.134.19 prefix-length 24
ip nat inside source list 100 pool dialout_nat overload
!
access-list 100 permit ip 10.100.100.0 0.0.0.255 any
!
-------------------------
When I configure "ip nat outside" on subinterface FastEthernet3/0.84, ALL tunnel interfaces go DOWN, but NAT works fine...
Why??? Also, what can I do so that this doesn't happen???
-------------debug ip nat---------
1w0d: NAT: creating portlist proto 1 globaladdr 195.148.134.19
1w0d: NAT: [0] Allocated Port for 10.100.100.1 -> 195.148.134.19: wanted 768 got 768
1w0d: NAT: i: icmp (10.100.100.1, 768) -> (195.148.134.26, 768) [16889]
1w0d: NAT: s=10.100.100.1->195.148.134.19, d=195.148.134.26 [16889]
1w0d: NAT: o: icmp (195.148.134.26, 768) -> (195.148.134.19, 768) [61349]
1w0d: NAT: s=195.148.134.29, d=195.148.134.19->10.100.100.1 [61349]
1w0d: NAT: installing alias for address 195.148.134.19
1w0d: NAT*: GRE port: 1677931868 - [48808]
1w0d: NAT*: GRE port: 1677931868 - [48809]
1w0d: NAT*: GRE port: 1677931868 - [48810]
1w0d: NAT*: GRE port: 1677931868 - [48814]
1w0d: NAT*: GRE port: 1677931868 - [48815]
1w0d: NAT*: GRE port: 1677931868 - [48816]
1w0d: NAT*: GRE port: 1677931868 - [48817]
1w0d: NAT*: GRE port: 1677931868 - [2953]
1w0d: NAT*: GRE port: 1677931580 - [2953]
1w0d: NAT*: GRE port: 1677931868 - [49471]
1w0d: NAT: GRE port: 1680105516 - [2953]
1w0d: NAT*: GRE port: 1677931868 - [49472]
1w0d: NAT*: GRE port: 1677931868 - [49473]
1w0d: NAT*: GRE port: 1677931868 - [49475]
1w0d: NAT*: GRE port: 1677931868 - [49476]
1w0d: NAT*: GRE port: 1677931868 - [49477]
1w0d: NAT: GRE port: 1680105516 - [49474]
----------------------------
Also, why do IP addresses that don't match access-list 100 get NATed (NAT: GRE port:)...
----------
Sincerely...
Div
06-24-2009 10:31 PM
Hello Viktor,
you have
interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside
but fas3/0.84 is your NAT outside interface.
I wonder if this can be part of the problem.
About the GRE tunnels:
are you doing GRE inside IPSec?
you have applied the same crypto-map on both f3/0.84 and Group-Async1.
Hope to help
Giuseppe
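The two conditions raised in the reply above (a NAT inside interface that is `ip unnumbered` to the NAT outside interface, and one crypto map applied to two interfaces) can be checked mechanically before a change is applied. This is an added example, not code from the thread; the function names and finding labels are hypothetical, and `SAMPLE_CONFIG` is a trimmed excerpt of the configuration posted above. It only flags the conditions and does not establish that either one causes the tunnel failure.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet3/0.84
 ip nat outside
 crypto map EXT_map
!
interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside
 crypto map EXT_map
!
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands; a section ends at '!'."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith("!") or not line:
            current = None
        elif current is not None:
            current.append(line)
    return interfaces

def audit(config):
    """Return findings for the two conditions raised in the reply above."""
    ifs = parse_interfaces(config)
    def find(name, pattern):
        hits = (re.fullmatch(pattern, c) for c in ifs.get(name, []))
        return [m.group(1) for m in hits if m]
    nat = {n: (find(n, r"ip nat (inside|outside)") or [None])[0] for n in ifs}
    findings, maps = [], defaultdict(list)
    for name in ifs:
        # NAT-inside interface borrowing the address of a NAT-outside one.
        for lender in find(name, r"ip unnumbered (\S+)"):
            if nat[name] == "inside" and nat.get(lender) == "outside":
                findings.append(("unnumbered-to-nat-outside", name, lender))
        for cmap in find(name, r"crypto map (\S+)"):
            maps[cmap].append(name)
    # Same crypto map attached to more than one interface.
    findings += [("shared-crypto-map", cmap, tuple(names))
                 for cmap, names in maps.items() if len(names) > 1]
    return findings
```

Calling `audit()` on a saved `show running-config` works whether or not the sub-command indentation survived copy and paste, because sections are delimited by the `!` lines.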
06-25-2009 08:26 PM
>but fas3/0.84 is your NAT outside interface
Yes... Is this a problem?
>are you doing GRE inside IPSec?
Yes it is...
>you have applied the same crypto-map on both f3/0.84 and Group-Async1.
Yes. Connections from Group-Async to the local net go via fa3/0.84.
Why do the other tunnels on this interface fa3/0 go down???
----------
Serge