Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and GRE Tunnel

I have four router (See Visio diagram attached)

Router A, B, C and D. On router B i have interfaces Gi0/1 which is configured as "ip nat inside" while the Multilink 1 is configured as "ip nat outside", GRE Tunnel 0 is configured with NO NAT.

The Senerio

I want to route RFC1918 IPs between Routers A and D via the Tunnel 0

I am doing NAT on Router B to get to the LAN with a rouable IP addresses.


When traffic flows between LAN Public IP

(Non-RFC1918 Routable) and WAN RFC1918 NAT Translate OK


From Router D when LAN RFC1918 route traffic thru the Tunnel 0 to Router B I do not want NAT to take place on the Multilink 1. I want real IP address to route through however NAT take plase too.


Knowing that i do Static NAT on Multilink1 How do i allow NAT from LAN

Public IP (Non-RFC1918 Routable) to WAN

RFC1918 and also not allow NAT to if traffic originated from LAN RFC1918 via the Tunnel0



New Member

Re: NAT and GRE Tunnel

To add GRE to a working IPSec configuration, follow these steps.

Remove the crypto map from the interface.

Create the tunnel interfaces.

int tunnel

ip address private_ip subnet_mask

tunnel source outside_interface_name

tunnel destination peer_address

Modify the crypto access list as shown below.

access-list acl_name permit gre host tunnel_source_ip host peer_address

Use routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.

Reapply the crypto map to the physical interface and the tunnel interface.