From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Wed Jul 20 2005 - 20:02:05 GMT-3
Joe,

I'm assuming it's a GRE tunnel from a site through NAT to another side
without NAT.

Make sure that the NAT side inside router has a source IP of the inside
local address and the tunnel destination as the global outside address
(true destination address) of the other side of the tunnel.

Second, make sure that the side without NAT has the tunnel source IP
address of its true source (e.g. global outside address) and the tunnel
destination of the inside global address.

This way the NAT router can rewrite the L3 header. I believe with 12.3
there is an option to disable payload translation that you might want to
do as well. Basically this will NAT payload IPs which you may not want.

HTH,
Andy

-----Original Message-----
From: Joe Rinehart [mailto:jjrinehart@hotmail.com]
Sent: Wednesday, July 20, 2005 2:19 PM
To: ccielab@groupstudy.com
Subject: NAT with GRE (Not IPSec)
This one has my brain burning a bit...

I have set up NAT on an Internet router for a business and some
Microsoft folks that also support them need the GRE protocol passed
through the NAT. I did a one-to-one NAT statement (ip nat inside source
static <inside local> <inside global>) which apparently didn't give them
what they needed. Since GRE is a PROTOCOL rather than a TCP/UDP port
range I am at a bit of a loss as to how to do that. Do I need to change
that association to an ip nat outside source statement instead?

Joe Rinehart
CCIE #14256, CCNP, CCDP
Data Network Consultant
AT&T Pacific Northwest Enterprise Markets
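
The addressing described in the reply above, as an added IOS configuration sketch that is not part of the original thread. All addresses and interface names are constructed (10.1.1.2 = inside local, 203.0.113.10 = inside global, 198.51.100.1 = the far side's global outside address), and the `no-payload` keyword is assumed to be the payload-translation option the reply refers to.

```cisco
! --- Inside router, behind NAT (constructed addresses) ---
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ! source is the inside local address
 tunnel source 10.1.1.2
 ! destination is the far side's true (global outside) address
 tunnel destination 198.51.100.1
!
! --- NAT router ---
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
! One-to-one static entry: the whole IP header is rewritten, so
! IP protocol 47 (GRE) is translated without any port mapping.
ip nat inside source static 10.1.1.2 203.0.113.10
! Assumed form of the option to skip payload translation:
!  ip nat inside source static 10.1.1.2 203.0.113.10 no-payload
!
! --- Far-side router, no NAT ---
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 ! source is this router's own global outside address
 tunnel source 198.51.100.1
 ! destination is the inside global address on the NAT router
 tunnel destination 203.0.113.10
```

Plain GRE carries no authentication or encryption, so the static entry exposes the inside router's tunnel endpoint to anything that can reach the inside global address; `show ip nat translations` on the NAT router confirms whether the GRE flow is matching the static entry.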
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3