IPSEC with NAT

From: Khalid Nafie (knafie@xxxxxxxxxx)
Date: Sun Oct 14 2001 - 20:39:45 GMT-3


   
Dear all,
I was trying IPSEC with NATing on the same router, but it didn't
work. It's working without the NATing, but as I introduce NATing into one
router it doesn't work.
Any idea if there is a change in the ACL on the NATing router?
Any working examples?
Here is my config:

R7:

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key sh-key address 62.7.1.10
!
!
crypto ipsec transform-set trans esp-des esp-md5-hmac
!
!
crypto map toR2 10 ipsec-isakmp
 set peer 62.7.1.10
 set transform-set trans
 match address 110
!
interface Tunnel10
 ip address 10.10.1.1 255.255.0.0
 no ip directed-broadcast
 tunnel source 62.9.3.3
 tunnel destination 62.7.1.10
 crypto map toR2
!
!
interface Ethernet2/0
 ip address 62.9.3.3 255.255.0.0
 no ip redirects
 no ip directed-broadcast
 crypto map toR2
!
access-list 110 permit ip host 62.9.3.3 host 62.7.1.10

R2:

!
ip nat inside source static 2.2.2.1 62.7.1.10
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key sh-key address 62.9.3.3
!
!
crypto ipsec transform-set trans esp-des esp-md5-hmac
!
!
crypto map toR7 10 ipsec-isakmp
 set peer 62.9.3.3
 set transform-set trans
 match address 110
!
!!
interface Tunnel10
 ip address 10.10.1.2 255.255.0.0
 tunnel source 62.7.1.10
 tunnel destination 62.9.3.3
 crypto map toR7
!
interface Serial0
 ip address 62.7.1.2 255.255.255.0
 ip nat outside
 no ip mroute-cache
 no fair-queue
 clockrate 64000
 crypto map toR7
!
access-list 110 permit ip host 62.7.1.10 host 62.9.3.3
================================================
Yours,
Khaled Nafie
Network Engineer
Customer Services
MCSE,CCDP,CCNP VOICE ACCESS
NCR Corporation, Kuwait
Mob.: +965-9872046
Tel : +965- 2412201, 2412203
Fax : +965-2413075



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:18 GMT-3