Cisco Support Community
New Member

Routing internet (default) traffic through GRE tunnel

Hi, I think I'm having a NAT issue with the traffic coming from a GRE tunnel.

I have the following scenario:

Branch: Lan:192.168.96.0/24 WAN:192.168.0.34/30

Central site: Lan: 192.168.1.0/24 WAN: 192.168.0.2/30

Branch config:

interface Tunnel3
 bandwidth 10000000
 ip address 10.96.96.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 5 3
 tunnel source 192.168.0.34
 tunnel destination 192.168.0.2
interface GigabitEthernet0/1
 ip address 10.0.96.1 255.255.255.0 secondary
 ip address 192.168.0.34 255.255.255.252
interface Vlan2
 ip address 192.168.96.2 255.255.255.0
interface GigabitEthernet0/0/1
 switchport access vlan 2
 no ip address
ip route 0.0.0.0 0.0.0.0 10.96.96.2
ip route 192.168.1.0 255.255.255.0 10.96.96.2

 

Central site config:

interface Tunnel3
 bandwidth 10000000
 ip address 10.96.96.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 192.168.0.2
 tunnel destination 192.168.0.34
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0 secondary
 ip address 192.168.0.2 255.255.255.252
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 PUBLIC_IP
ip route 10.96.96.0 255.255.255.252 10.96.96.1
ip route 192.168.96.0 255.255.255.0 10.96.96.1
access-list 106 permit ip 192.168.96.0 0.0.0.255 any
access-list 106 permit ip 10.96.96.0 0.0.0.255 any
access-list 106 permit ip 192.168.0.0 0.0.255.255 any
access-list 106 permit ip any any
route-map SDM_RMAP_1 permit 1
 match ip address 106

From Branch I can ping hosts on the central site, and branch hosts from central. Trace shows traffic going through the tunnel correctly, but when I try to ping 8.8.8.8 from the branch I get a timeout, and trace from branch gets to central and then * * *, so I'm guessing that either outgoing traffic is not being NATted correctly or that the response is not being correctly routed. Any ideas?

Thanks

 

 

2 REPLIES
New Member

I was missing:

ip nat inside

in the tunnel interface.
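
The fix from the reply above, as an added example that is not part of the original thread: a Python check that reads an IOS config and lists interfaces that lead to private prefixes by static route but are not marked `ip nat inside`. The sample config is constructed from the central-site lines; the NAT markings on the GigabitEthernet interfaces and the 203.0.113.2 address are assumptions.

```python
import ipaddress
import re

# Constructed sample based on the central-site lines in the thread. The NAT
# markings on GigabitEthernet0/0 and 0/1 and the 203.0.113.2 address are
# assumptions; the thread does not show them.
CONFIG = """\
interface Tunnel3
 ip address 10.96.96.2 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0 secondary
 ip address 192.168.0.2 255.255.255.252
 ip nat inside
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 PUBLIC_IP
ip route 10.96.96.0 255.255.255.252 10.96.96.1
ip route 192.168.96.0 255.255.255.0 10.96.96.1
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_interfaces(config):
    """Map interface name -> connected networks and its 'ip nat' marking."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nets": [], "nat": None})
        elif not line.startswith(" "):
            cur = None  # back at global configuration level
        elif cur is not None:
            if m := re.match(r"ip address (\S+) (\S+)", line.strip()):
                cur["nets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
            elif m := re.match(r"ip nat (inside|outside)$", line.strip()):
                cur["nat"] = m[1]
    return ifaces

def missing_nat_inside(config):
    """Interfaces that lead to RFC 1918 prefixes by static route but lack 'ip nat inside'."""
    ifaces, findings = parse_interfaces(config), []
    for m in re.finditer(r"^ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)$", config, re.M):
        dest, hop = ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_address(m[3])
        if not any(dest.subnet_of(n) for n in RFC1918):
            continue  # only routes toward private (to-be-translated) prefixes matter
        for name, info in ifaces.items():
            facing = any(hop in net for net in info["nets"])  # next hop is on this interface
            if facing and info["nat"] != "inside" and name not in findings:
                findings.append(name)
    return findings

if __name__ == "__main__":
    print(missing_nat_inside(CONFIG))
```

On the sample it reports `Tunnel3`; once ` ip nat inside` is added under `interface Tunnel3` the list is empty.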

Hall of Fame Super Silver

Thanks for posting back to the forum and telling us how you solved your problem. It is helpful when we have read about an issue to be able to see the solution to the issue.

 

HTH

 

Rick
