route-map SKYEPG_NAT interface Loopback1 refcount 0
access-list 102 interface FastEthernet0/1 refcount 3

** As we are natting behind a /32, we can't seem to be able to point to a NAT pool in the statement above, so we created a Loopback1 interface and referenced to that.

ip nat inside source route-map Tobe_NAT interface Loopback1 overload

Then create a route map to match addresses to be NATed

ip access-list extended Source_to_Destination

Create an access list to match our internal address going to remote network x.x.x.x

I am trying to set up an additional NAT translation on this box which will pick up internal addresses, NAT overload them to a 172.27.200.6/32 address before pushing it down an IPsec tunnel to a remote client network

ip nat inside source list 102 interface FastEthernet0/1 overload

With a standard NAT statement (below) to match internal address and push it out of f0/1 (which has a 81.x.x.x external IP).

We currently have the following basic NAT setup on our VPN router to allow internal to get outside.

I have been using the following doc (NAT on a stick) as reference.

This can easily tell if the entry exists on the hub NHRP cache.

I would appreciate any hints or tips for a NAT setup I am trying to create.

a resolution problem that may be caused by the missing entry for hub private IP address to hub public IP address on the NHRP server running on the hub router

About first possible cause you can check NHRP entries with

I see two possible reasons for the ping failure of the hub IP address on the hub router itself:

The NHRP provides an abstraction of an NBMA allowing to resolve private IP addresses into public IP addresses.

In addition to this, each remote is configured with the hub private IP address as the NHRP server for the segment.

As a result of these two configuration elements, each remote is able to solve the hub using the static entry and registers itself to the server with periodic NHRP messages.
The multipoint GRE relies on NHRP to resolve the private address on an actual public address for each remote.

Each remote has a static entry telling the correspondence between hub private address and hub public address.

I try to explain better my thoughts on this issue.

I just want to be able to fully appreciate the intelligence of your thoughts and experience. It is important to punctuate your sentences so that they can be read clearly. So, can you do me a favor and take your time writing a response - focus a bit more on language and clarity, especially punctuation. Your English is a lot better than my Italian! :-) Nonetheless, the problem remains. Now, I am grateful and impressed that your English is as good as it is living in Italy. The language barrier, however, degrades your responses because I oftentimes find it difficult to read and understand your posts. I look forward to reading your thoughts and input. I think you're a brilliant and a gifted engineer and I appreciate the time you take to help me and others. Giuseppe, can I give you some constructive criticism? Please don't take this the wrong way, OK?

OK, so what is the difference between pinging an ethernet interface and a GRE interface in terms of encapsulation? The DMVPN environment is fine - I know that. I just want to know why this behavior exists. I do know that there is no problem, per se. I am thinking about something along those lines, but I still can't make sense out of it in my head. Still fuzzy.
Sending 5, 100-byte ICMP Echos to 10.40.16.1, timeout is 2 seconds:

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
44239653088 packets output, 9828102711747 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Last clearing of "show interface" counters never
Tunnel protection via IPSec (profile "DMVPN-RL")
Tunnel source 138.69.152.3 (Loopback100), destination UNKNOWN

ip ospf message-digest-key 1 md5 7 xxxxxx

Description: THIS TUNNEL SUPPORTS MULTIPLE SITE-TO-SITE VPN TUNNELS

ip verify unicast source reachable-via any

OK. What gives? What am I missing? Why can't I PING an interface on the router from the router itself?

description THIS TUNNEL SUPPORTS MULTIPLE SITE-TO-SITE VPN TUNNELS