I am trying to work with a DMVPN setup where the LAN IP Networks of the Spoke routers need to be NAT'd when they arrive at the Hub router on their way into the core network. I have the DMVPN working just fine. The problem begins when I attempt to NAT by placing an ip nat inside statement on the Hub GRE Tunnel Interface used for the DMVPN network and the ip nat outside statement on the Hub gigabitEthernet interface leading to the LAN. The traffic begins to be NAT'd but after a few seconds the EIGRP neighbor between the Hub and Spoke goes down and the other end of the GRE tunnel is unable to be pinged even though it says it is up. Obviously, traffic stops flowing. When I remove the NAT statements everything starts working again. I'm thinking this may be a problem with NHRP and NAT but I'm not sure. Has anyone else attempted this? Thanks in advance for your help.
It sounds to me as if the address that is being used as the source of the tunnel at the spoke end might be getting NAT'd and is therefore not reachable. What output do you get from deb ip nhrp and deb tunnel on the hub? Also, if you could post your configs, that would help
I assume there's not another device before the core that could be doing the NAT as well, rather than doing it on the hub router?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...