
New Member

nat and tunnel

Hi,

We would like to configure the following:

1. Set up a tunnel between R1 and R2

2. R1 is "ip nat inside" and R2 is "ip nat outside"

3. I would like all users to access the server "66.x.x.2"; the traffic must go into the tunnel and through R2 and R3 to the outside internet to reach 66.x.x.2

The following is the config. However, it does not work. What is missing? For details, please refer to the attached file. Please advise.

Best regards

---- config

R1
!
interface Tunnel 1
 ip address 172.16.1.1 255.255.255.252
 ip nat inside
 tunnel source 192.168.1.1
 tunnel destination 192.168.10.1
!
ip route 66.x.x.2 255.255.255.255 172.16.0.2
!

--------

R2
!
interface FastEthernet0
 ip address 64.x.x.1 255.255.255.240
 ip nat outside
 crypto map mymap ! had already had vpn
!
interface FastEthernet1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Tunnel 1
 ip address 172.16.1.2 255.255.255.252
 ip nat outside
 tunnel source 192.168.10.1
 tunnel destination 192.168.1.1
!
ip nat pool test 64.1.1.1 64.1.1.1 netmask 255.255.255.240
ip nat inside source list 10 pool test overload
!
ip nat inside source list 20 interface tunnel 1 overload
!
access-list 20 permit 172.16.1.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255

3 REPLIES
Hall of Fame Super Gold

Re: nat and tunnel

Hello,

In practice R2 will do NAT for users behind R1 as well, but only when R2 routes to R1 over the tunnel, based on destination. Then:

- no "ip nat" statements on R1 are necessary.

- add "access-list 10 permit 192.168.1.0 0.0.0.255" to R2

- tunnel 1 should be NAT inside, not outside.

- remove "ip nat inside source list 20 interface tunnel 1 overload"

- use static routes or routing protocol

- all this assumes that you have already connectivity between 192.168.1 and .10 by some means not specified in the diagram.

between R1, R2 and R2 so that each one knows how to reach connected networks and you can ping from/to everywhere.

That should do it.

Hope this helps, please rate post if it does!

New Member

Re: nat and tunnel

Hi,

Thank you very much. It is working.

Best regards

Hall of Fame Super Gold

Re: nat and tunnel

Good job, considering that my post even got messed up by cut and paste editing.

Thanks for the nice rating and good luck!
