C3640, Group-Async, IPSec Tunnels and dynamic NAT...

ciscosice
Level 1

Hi...

My config for C3640

All IP addresses have been invented...

------------sh run---------

!
interface Tunnel2
 ip address 10.10.12.2 255.255.255.252
 ip route-cache flow
 ip tcp adjust-mss 1400
 keepalive 10 3
 tunnel source 192.168.10.250
 tunnel destination 192.168.122.248
!
interface Tunnel3
 ip address 10.10.12.6 255.255.255.252
 ip route-cache flow
 ip tcp adjust-mss 1400
 keepalive 10 3
 tunnel source 192.168.10.250
 tunnel destination 192.168.123.247
!
interface Tunnel4
 ip address 10.0.1.9 255.255.255.252
 ip access-group FDSin_acl in
 ip access-group FDSout_acl out
 tunnel source 195.148.134.29
 tunnel destination 191.22.2.7
!
interface FastEthernet3/0
 no ip address
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
 hold-queue 4096 in
 hold-queue 4096 out
!
interface FastEthernet3/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.250 255.255.255.0
 no ip proxy-arp
 no cdp enable
!
interface FastEthernet3/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.250 255.255.255.0
 no ip proxy-arp
 ip virtual-reassembly
 no cdp enable
!
interface FastEthernet3/0.84
 encapsulation dot1Q 84
 ip address 195.148.134.29 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 no cdp enable
 crypto map EXT_map
!
interface Serial3/1:15
 no ip address
 encapsulation hdlc
 isdn switch-type primary-net5
 isdn incoming-voice modem
 isdn sending-complete
 no cdp enable
!
interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer in-band
 dialer idle-timeout 3600 either
 dialer-group 1
 async mode dedicated
 peer default ip address pool dialin
 ppp authentication chap callin PPP_AUTH
 group-range 65 94
 crypto map EXT_map
!
ip local pool dialin 10.100.100.1 10.100.100.31
!
ip nat pool dialout_nat 195.148.134.19 195.148.134.19 prefix-length 24
ip nat inside source list 100 pool dialout_nat overload
!
access-list 100 permit ip 10.100.100.0 0.0.0.255 any
!

-------------------------

When I configure "ip nat outside" on sub-interface FastEthernet3/0.84, ALL Tunnel interfaces go DOWN, but NAT itself works fine...

Why??? Also, what can I do to make it not so???

-------------debug ip nat---------

1w0d: NAT: creating portlist proto 1 globaladdr 195.148.134.19
1w0d: NAT: [0] Allocated Port for 10.100.100.1 -> 195.148.134.19: wanted 768 got 768
1w0d: NAT: i: icmp (10.100.100.1, 768) -> (195.148.134.26, 768) [16889]
1w0d: NAT: s=10.100.100.1->195.148.134.19, d=195.148.134.26 [16889]
1w0d: NAT: o: icmp (195.148.134.26, 768) -> (195.148.134.19, 768) [61349]
1w0d: NAT: s=195.148.134.29, d=195.148.134.19->10.100.100.1 [61349]
1w0d: NAT: installing alias for address 195.148.134.19
1w0d: NAT*: GRE port: 1677931868 - [48808]
1w0d: NAT*: GRE port: 1677931868 - [48809]
1w0d: NAT*: GRE port: 1677931868 - [48810]
1w0d: NAT*: GRE port: 1677931868 - [48814]
1w0d: NAT*: GRE port: 1677931868 - [48815]
1w0d: NAT*: GRE port: 1677931868 - [48816]
1w0d: NAT*: GRE port: 1677931868 - [48817]
1w0d: NAT*: GRE port: 1677931868 - [2953]
1w0d: NAT*: GRE port: 1677931580 - [2953]
1w0d: NAT*: GRE port: 1677931868 - [49471]
1w0d: NAT: GRE port: 1680105516 - [2953]
1w0d: NAT*: GRE port: 1677931868 - [49472]
1w0d: NAT*: GRE port: 1677931868 - [49473]
1w0d: NAT*: GRE port: 1677931868 - [49475]
1w0d: NAT*: GRE port: 1677931868 - [49476]
1w0d: NAT*: GRE port: 1677931868 - [49477]
1w0d: NAT: GRE port: 1680105516 - [49474]

----------------------------

Also, why do IP addresses that don't match access-list 100 get NATed (NAT: GRE port:)...

----------

Sincerely...

Div

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Viktor,

you have

interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside

but fas3/0.84 is your NAT outside interface.

I wonder if this can be part of the problem.

About the GRE tunnels:

are you doing GRE inside IPSec?

you have applied the same crypto-map on both f3/0.84 and Group-Async1.

Hope to help

Giuseppe
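Giuseppe's observation can be checked mechanically. The script below is an added example, not code from the thread or from Cisco: it parses an IOS-style running-config (the sample is constructed from the interfaces in the original post), reports an interface whose NAT role differs from the interface it is unnumbered to, and reports tunnels whose source address sits on a NAT interface, which is where the GRE entries in the "debug ip nat" output are worth checking.

```python
# Constructed sample: the interfaces from the "sh run" above that matter for NAT.
SAMPLE_CONFIG = """\
interface Tunnel4
 ip address 10.0.1.9 255.255.255.252
 tunnel source 195.148.134.29
interface FastEthernet3/0.84
 ip address 195.148.134.29 255.255.255.0
 ip nat outside
interface Group-Async1
 ip unnumbered FastEthernet3/0.84
 ip nat inside
!
"""

def parse_interfaces(config):
    """Return {interface name: [indented config lines]} from IOS config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the block
    return interfaces

def audit_nat(interfaces):
    """Flag the NAT-domain conflicts discussed in the thread."""
    nat_role, addr_owner = {}, {}  # iface -> inside/outside, address -> iface
    for name, lines in interfaces.items():
        for cmd in lines:
            if cmd in ("ip nat inside", "ip nat outside"):
                nat_role[name] = cmd.split()[-1]
            elif cmd.startswith("ip address "):
                addr_owner[cmd.split()[2]] = name
    findings = []
    for name, lines in interfaces.items():
        for cmd in lines:
            if cmd.startswith("ip unnumbered "):  # Giuseppe's point
                parent = cmd.split()[2]
                mine, theirs = nat_role.get(name), nat_role.get(parent)
                if mine and theirs and mine != theirs:
                    findings.append(f"{name}: ip nat {mine} but unnumbered to "
                                    f"{parent}, which is ip nat {theirs}")
            elif cmd.startswith("tunnel source "):  # GRE leaving via a NAT interface
                src = cmd.split()[2]
                owner = src if src in interfaces else addr_owner.get(src)
                if owner in nat_role:
                    findings.append(f"{name}: tunnel source {src} is on {owner}, "
                                    f"an ip nat {nat_role[owner]} interface")
    return findings
```

Run `audit_nat(parse_interfaces(open("running-config").read()))` on a saved `show run` to get the same two findings for the thread's configuration.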

>but fas3/0.84 is you nat outside interface

Yes... Is this the problem?

>are you doing GRE inside IPSec?

Yes it is...

>you have applied the same crypto-map on both f3/0.84 and Group-Async1.

Yes. It connects from Group-Async to the local net via fa3/0.84.

Why are the other tunnels on int fa3/0 down???

----------

Serge
