From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Jul 20 2005 - 19:54:23 GMT-3
Joe,
You should be able to do this via the TCP load balancing feature.
Offhand the config would look something like this to forward GRE to the
internal host 192.168.0.1
ip nat pool GRE_ENDPOINT 192.168.0.1 192.168.0.1 prefix-length 24 type
rotary
ip nat inside destination list FORWARD_GRE pool GRE_ENDPOINT
ip nat inside source list INSIDE_LOCAL interface Ethernet0 overload
!
ip access-list extended FORWARD_GRE
permit gre any any
!
ip access-list standard INSIDE_LOCAL
Permit 192.168.0.0 0.0.0.255
!
interface Ethernet 0
ip address 10.10.10.10 255.0.0.0
ip nat outside
!
interface Ethernet 1
ip address 192.168.0.1 255.255.255.0
ip nat inside
Let me know your results.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Joe Rinehart
> Sent: Wednesday, July 20, 2005 4:19 PM
> To: ccielab@groupstudy.com
> Subject: NAT with GRE (Not IPSec)
>
> This one has my brain burning a bit...
>
> I have set up NAT on an Internet router for a business and some
Microsoft
> folks that also support them need the GRE protocol passed through the
NAT.
> I did a one to one NAT statement (ip nat inside source static <inside
> local>
> (inside global) which apparently didnt give them what they needed.
Since
> GRE is a PROTOCOL rather than a TCP/UDP port range I am at a bit of a
loss
> as to how to do that. Do I need to change that association to an ip
nat
> outside source statement instead?
>
> Joe Rinehart
> CCIE #14256, CCNP, CCDP
> Data Network Consultant
> AT&T Pacific Northwest Enterprise Markets
>
>
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3