Cisco 2811 Routing between two Eth if. using GRE Tunnel

Hello Forum,

I have established a VPN IPSec GRE tunnel to my counterparty. It's up and stable. Logged into the cisco router, I can make a telnet to a server on Cpty-Side with

cisco2811# telnet 10170 /source-interface FastEthernet0/1

Trying, 10170 … Open

But I need the connection on another computer in my private Network ( There is a Java Software that needs to connect to a server within the network of the counterparty. Telnet from to above address returns with time-out error.


I've got the following information from Cpty:

> Any connection attempts to FIX services should be sourced from the network.

Additionally, my techn. Acct.Mgr. @Cpty says: If we get a request, we check if it came from (my Fa0/1 address), otherwise it will be rejected.

In fact the ip network is not my network, it is an external company (BskyB) owned network. So I would assume I cannot change my internal network address schema to their network schema.

Here is my actual and functional config:

    interface Tunnel0
     description To Cpty
     ip address
     tunnel source
     tunnel destination

    interface FastEthernet0/0
     description Facing LAN
     ip address secondary
     ip address
     crypto map dbs

    interface FastEthernet0/1
     description MIC Member Lan
     ip address

With this config the initial connection is up and running

    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0                            YES manual up                    up
    FastEthernet0/1                            YES NVRAM  up                    up
    Tunnel0                                    YES NVRAM  up                    up
    Tunnel1                                    YES unset  up                    up
    Tunnel2                                    YES unset  up                    up

    cisco2811#show crypto session
    Crypto session current status

    Interface: FastEthernet0/0
    Session status: UP-ACTIVE
    Peer: port 500
      IKE SA: local remote Active
      IPSEC FLOW: permit 47 host host
            Active SAs: 2, origin: crypto map

The ip route command shows many routes

    cisco2811#show ip route

    Gateway of last resort is to network

    S*    [1/0] via
          is variably subnetted, 2 subnets, 2 masks
    D        [90/26881024] via, 00:21:35, Tunnel0
    D        [90/26881024] via, 00:21:35, Tunnel0
    C        is directly connected, FastEthernet0/1
    L        is directly connected, FastEthernet0/1
          is variably subnetted, 2 subnets, 2 masks
    C        is directly connected, FastEthernet0/0
    L        is directly connected, FastEthernet0/0


And I want to reach on port 10170. On my, I set as the default gateway but that was not enough.

Thus, I need IMHO something like: ip route all incoming traffic from FastEthernet0/0 with request to 90.* / 193.* --forward-to--> FastEthernet0/1

(like in the example 

cisco2811#telnet 10170 /source-interface FastEthernet0/1

Trying, 10170 … Open


As I tried with: ip route FastEthernet0/1

I lost even my telnet connection on board of the cisco. After deleting, I was again able to telnet from the cisco2811 console.

Or do I need some kind of NATting with Fa0/0 and Fa0/1?

Please, take into account that my ADSL Router already performs NAT for my network. And the cisco is in the DMZ.

Thanks in advance.



PS: For more in depth information about my network infrastructure or previous problem, please read

There, I described earlier my problem with establishing the tunnel (which is solved).

If they check source address, you would need NAT.

And that will make everything more complicated.

I recommend that you talk to the owner of the company (the one that pays) so that he commands the other people to relax checks, re-organize the network, and make things work easily and smoothly without tricks.
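
What the NAT mentioned in the reply could look like on the 2811, as an added example that is not part of the original thread: traffic from one LAN host to the counterparty's port 10170 is source-translated to the Fa0/1 address before it enters Tunnel0. The ACL name and the angle-bracket addresses are placeholders (the thread does not show them), and it assumes the host's packets arrive on FastEthernet0/0 and are routed to Tunnel0.

```cisco
! Added example, not the poster's configuration.
! <LAN-HOST> and <CPTY-SERVER> are placeholders for addresses
! that do not appear in the thread.
!
! Match only the one host and the one service that needs the
! counterparty-approved source address.
ip access-list extended CPTY-FIX-NAT
 permit tcp host <LAN-HOST> host <CPTY-SERVER> eq 10170
!
! Packets from the LAN host enter here (assumption).
interface FastEthernet0/0
 ip nat inside
!
! Packets to the counterparty leave through the GRE tunnel.
interface Tunnel0
 ip nat outside
!
! Rewrite the source of matching flows to the Fa0/1 address,
! which is the address the counterparty checks for.
ip nat inside source list CPTY-FIX-NAT interface FastEthernet0/1 overload
!
! Verification from exec mode after a connection attempt:
!   show ip nat translations
!   show ip access-lists CPTY-FIX-NAT
```

Keeping the ACL to a single host and port means no other machine on the LAN can reach the counterparty under the trusted source address.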

