Public IP block routed via vpn

My current setup:

I have a cable modem attached to GigEther0/0, and it is assigned a dynamic IP address. The local network/switch is connected to GigEther0/1 and uses NAT overload. The local network uses the 10.0.0.0/24 IPv4 block; GigEther1 has the IP address 10.0.0.1, as well as 2001:470:d:c00::1. I am using a tunnel to accommodate IPv6 traffic to and from he.

I have an L2TP VPN tunnel set up connecting me to a company supplying me with a /28 IPv4 block. My IP assignment with them is 72.0.227.64/28. The following is the basic config they gave me:

vpdn enable
!
l2tp-class ACE
 hidden
 authentication
 hostname user@host
 password ...
!
pseudowire-class ACE-PW
 encapsulation-class ACE-PW
 protocol l2tpv2 ACE
 ip local interface GigabitEthernet0/0
 ip pmtu max 1500
 ip tos reflect
!
interface Virtual-PPP1
 ip address negotiated
 ip mtu 1452
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname user@host
 ppp chap password ...
 ppp direction callout
 ppp ipcp dns request
 pseudowire 66.114.76.203 11 pw-class ACE-PW
!
ip route 66.114.76.203 255.255.255.255 GigabitEthernet0/0 dhcp
........

The tunnel is up and running; GigabitEthernet0/1 also has the IP 72.0.227.65.

Now the question is, how do I route all traffic originating from (or being sent to) an IP in this /28 through the tunnel (while keeping the rest the same, i.e. 10.0.0.0/24 still goes through the NAT overload)?

Further info for access lists and routing:

ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
ip access-list standard NAT
 permit 10.0.0.0 0.0.255.255
ip access-list standard VPN
 permit 72.0.227.64 0.0.0.15
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 deny   any
access-list 100 permit udp any any range 16384 32767
access-list 101 permit ip 10.0.0.0 0.0.0.255 any

And here is my IP routing table:

Gateway of last resort is 68.5.32.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 68.5.32.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/1
L        10.0.0.1/32 is directly connected, GigabitEthernet0/1
      66.0.0.0/32 is subnetted, 2 subnets
S        66.114.76.203 [1/0] via 68.5.32.1, GigabitEthernet0/0
C        66.114.76.207 is directly connected, Virtual-PPP1
      68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        68.5.32.0/21 is directly connected, GigabitEthernet0/0
L        68.5.37.193/32 is directly connected, GigabitEthernet0/0
      72.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        72.0.227.64/28 is directly connected, GigabitEthernet0/1
L        72.0.227.65/32 is directly connected, GigabitEthernet0/1
      172.18.0.0/32 is subnetted, 1 subnets
C        172.18.2.46 is directly connected, Virtual-PPP1
      172.19.0.0/32 is subnetted, 1 subnets
S        172.19.89.28 [254/0] via 68.5.32.1, GigabitEthernet0/0
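
An added illustration, not part of the original post: a small Python model of the posted NAT ACLs (IOS wildcard-mask matching) and routing table (longest-prefix match), showing that a source in 72.0.227.64/28 is not translated yet still leaves via the cable-modem default route, because forwarding is decided on destination alone. The sample addresses 72.0.227.66, 10.0.0.50, 10.0.5.9 and 203.0.113.10 are constructed, and the model assumes NAT applies whenever a source matches one of the ACLs, since inside/outside interface marking is not shown in the post.

```python
import ipaddress

# NAT ACLs from the post as (action, base, wildcard); ACL 101 is reduced to its source match.
NAT_ACLS = {
    "1": [("permit", "10.0.0.0", "0.0.0.255"), ("deny", "0.0.0.0", "255.255.255.255")],
    "101": [("permit", "10.0.0.0", "0.0.0.255")],
    "NAT": [("permit", "10.0.0.0", "0.0.255.255")],
}

# Routing table from the post as (prefix, egress interface); local (L) routes omitted.
# Next hop 68.5.32.1 sits in the connected 68.5.32.0/21, so it leaves via GigabitEthernet0/0.
ROUTES = [
    ("0.0.0.0/0", "GigabitEthernet0/0"),
    ("10.0.0.0/24", "GigabitEthernet0/1"),
    ("66.114.76.203/32", "GigabitEthernet0/0"),
    ("66.114.76.207/32", "Virtual-PPP1"),
    ("68.5.32.0/21", "GigabitEthernet0/0"),
    ("72.0.227.64/28", "GigabitEthernet0/1"),
    ("172.18.2.46/32", "Virtual-PPP1"),
    ("172.19.89.28/32", "GigabitEthernet0/0"),
]

def acl_matches(entries, src):
    """First-match ACL evaluation with wildcard masks; implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (s & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False

def nat_translated(src):
    """True if any of the three posted NAT statements would select this source."""
    return any(acl_matches(entries, src) for entries in NAT_ACLS.values())

def egress(dst):
    """Longest-prefix match on the destination only, as the router does by default."""
    d = ipaddress.IPv4Address(dst)
    hits = [(ipaddress.ip_network(p), out) for p, out in ROUTES if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(src, dst):
    return nat_translated(src), egress(dst)

if __name__ == "__main__":
    for src in ("10.0.0.50", "10.0.5.9", "72.0.227.66"):  # constructed sample hosts
        print(src, "->", forward(src, "203.0.113.10"))
```

The 10.0.5.9 case also shows that the named ACL `NAT` (wildcard 0.0.255.255) selects all of 10.0.0.0/16, wider than the /24 that ACLs 1 and 101 permit.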
