gre tunnel with nat

From: Vishal Patel (vpatel@accessproviders.com.au)
Date: Tue Jun 21 2005 - 04:07:12 GMT-3


Hi group,

I have a very basic kinda doubt.

My doubt is: when a user on the LAN tries to go out of tunnel 55 for the
0.0.0.0 route, will the packet have a source IP of the tunnel IP address
(10.250.3.1), or will it have the source IP as the tunnel source IP address
(the dialer interface IP address)?

Have a look at this config:

interface Tunnel55
 description **** To 530-Collins ****
 ip address 10.250.3.1 255.255.255.252
 ip nat outside
 tunnel source Dialer1
 tunnel destination 202.130.198.241
!
interface Tunnel66
 description **** To TNH ****
 ip address 172.28.252.2 255.255.255.252
 tunnel source Dialer1
 tunnel destination 202.130.198.242
!
interface FastEthernet0
 description **** To Wireless-Internet-EMIS ****
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet1
 no ip address
 spanning-tree portfast
!
interface Vlan1
 description Internal-Interface
 ip address 172.28.207.1 255.255.255.224
 ip helper-address 172.28.160.27
 ip helper-address 172.28.224.9
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1300
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxxx
 ppp chap password xxxxx.
!
ip classless
ip route 0.0.0.0 0.0.0.0 tunnel 55
ip route 202.130.198.0 255.255.255.0 dialer1
ip route 172.28.0.0 255.255.0.0 Tunnel66 name TNH

no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer1 overload
!
!
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.209.128 0.0.0.127
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.211.96 0.0.0.31
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.211.64 0.0.0.31
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.160.0 0.0.3.255
access-list 100 permit ip 172.28.207.0 0.0.0.127 any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password xxxx
 login
!
end

Whittlesea-1712#


