NAT over Tunnel Interface

ravinderrajput · ‎10-10-2009

Hi,

here is a part of our router configuration

interface fastethernet0

description WAN Interface

ip address 71.5.x.x 255.255.255.252

exit

interface fastethernet1

description LAN Interface

ip address 124.247.x.x 255.255.255.128

ip address 172.16.x.x 255.255.0.0 secondary

exit

interface bri0/0

encapsulation ppp

no ip route-cache

no ndsp enable

no mpls route-cache

exit

interface tunnelx

tunnel mode gre ip

tunnel source 71.5.x.x

tunnel destination 71.5.x.x

ip address 10.240.x.x 255.255.255.252

mtu 1524

ip tcp adjust-mss 1420

exit

ip route 0.0.0.0 0.0.0.0 tunnelx

ip route 71.0.0.0 255.0.0.0 71.5.x.x

Now i have two questing

1. Why do we have two routes.

2. I want to configure PAT.

While configuring PAT if i make int f0(WAN) as NAT outside interface nothing works and if i make tunnelxx as NAT outside interface translation does takes place(sh ip nat trans) but internet does not work. here is what i do to configure NAT.

ON FE1

ip nat inside

ON FE0 OR TUNNXX

ip nat ouside

ACL

access-list 1 permit 172.16.x.x 255.255.0.0

NAT

ip nat inside source list 1 interface f0 or tunnxx overload

where am i going wrong..?

thanks in advance

regards

gfremgen · ‎10-11-2009

You seem to have the nats on the ints correct, but you may need to deny traffic in the acl so you do not nat everything. WHat are you attempting? Is this a split tunnel or do you want all traffic to use the tunnel?

ravinderrajput · ‎10-11-2009

Thanks for the reply...well i didn't get your point when you say " so you don't nat everything."

I just want to configure NAT so that users can access internet..and i don't know if it is a split tunnel

Thanks