RE: gre tunnel with nat

From: Shane Marquis (Shane.Marquis@busint.com.au)
Date: Tue Jun 21 2005 - 08:02:47 GMT-3

• Next message: James Yeo: "RE: filtering active mode vs. passive mode ftp"
• Previous message: Shane Marquis: "RE: gre tunnel with nat"
• Maybe in reply to: Vishal Patel: "gre tunnel with nat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sorry I take it back you first email got truncated.
The packet will go down the tunnel 55 with the source address of the tunnel
55, the GRE packet gennerated will have the address of the dialer 1
interface.
Shane Marquis

-----Original Message-----
From: Shane Marquis [mailto:Shane.Marquis@busint.com.au]
Sent: Tuesday, 21 June 2005 8:57 PM
To: 'Vishal Patel'; 'Group Study'
Subject: RE: gre tunnel with nat

The packet will go down the tunnel with the source ip address of the sending
workstation on the LAN. The gre packet generated will have the source
address of the dialer 1 interface. Shane Marquis

-----Original Message-----
From: Vishal Patel [mailto:vpatel@accessproviders.com.au]
Sent: Tuesday, 21 June 2005 5:07 PM
To: 'Group Study'
Subject: gre tunnel with nat

Hi group,

I have a very basic kinda doubt.

My doubt is when a user on the LAN tries to go out of tunnel 55 for 0.0.0.0
route , will the packet have a source IP of tunnel IP address ( 10.250.3.1)
or will it have the source ip as the tunnel source IP address.(dialer
interface IP address)

Have look at this config:

interface Tunnel55
 description **** To 530-Collins ****
 ip address 10.250.3.1 255.255.255.252
 ip nat outside
 tunnel source Dialer1
 tunnel destination 202.130.198.241
!
interface Tunnel66
 description **** To TNH ****
 ip address 172.28.252.2 255.255.255.252
 tunnel source Dialer1
 tunnel destination 202.130.198.242
!
interface FastEthernet0
 description **** To Wireless-Internet-EMIS ****
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet1
 no ip address
 spanning-tree portfast
!
interface Vlan1
 description Internal-Interface
 ip address 172.28.207.1 255.255.255.224
 ip helper-address 172.28.160.27
 ip helper-address 172.28.224.9
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1300
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxxx
 ppp chap password xxxxx.
!
ip classless
ip route 0.0.0.0 0.0.0.0 tunnel 55
ip route 202.130.198.0 255.255.255.0 dialer1
ip route 172.28.0.0 255.255.0.0 Tunnel66 name TNH

no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer1 overload
!
!
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.209.128 0.0.0.127
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.211.96 0.0.0.31
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.211.64 0.0.0.31
access-list 100 deny ip 172.28.207.0 0.0.0.127 172.28.160.0 0.0.3.255
access-list 100 permit ip 172.28.207.0 0.0.0.127 any dialer-list 1 protocol
ip permit ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 password
xxxx login ! end

Whittlesea-1712#

• Next message: James Yeo: "RE: filtering active mode vs. passive mode ftp"
• Previous message: Shane Marquis: "RE: gre tunnel with nat"
• Maybe in reply to: Vishal Patel: "gre tunnel with nat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3