Solved: GRE Tunnel & NAT

alraycisco · ‎09-18-2008

Hi,

I've setup 2 test routers with a GRE tunnel which is working fine in the test setup. My question is when I transfer this config to a live setup how would I exempt the traffic over the GRE tunnel from being natted? Everything else i.e. traffic destined for the internet should be patted to the outside interface. Would I need a route-map for this?

Thanks

R1

--

interface Tunnel0

ip address 192.168.200.2 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.1

crypto map mymap

interface FastEthernet0

Description Outside Interface

ip address 1.1.1.2 255.255.255.0

speed auto

crypto map mymap

R2

--

interface Tunnel1

ip address 192.168.200.1 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.2

crypto map mymap

interface FastEthernet0

Description Outside Interface

ip address 1.1.1.1 255.255.255.0

speed auto

crypto map mymap

singhsaju · ‎09-18-2008

Yes you are correct.

View solution in original post

singhsaju · ‎09-18-2008

Hi,

Since there is no "ip nat inside" on the Tunnel interfaces , the traffic going through GRE tunnel will not be NATted . You do not have to bypass NAT in this case.

HTH

Saju

Pls rate helpful posts

alraycisco · ‎09-18-2008

Just to clarify, I can configure the inside and the outside interface for NAT and have no NAT statement on the Tunnel interface, which will cause internet bound traffic to be patted and traffic bound for the GRE tunnel to not be natted?

interface Tunnel1

ip address 192.168.200.1 255.255.255.0

ip ospf network broadcast

keepalive 10 3

tunnel source FastEthernet0

tunnel destination 1.1.1.2

crypto map mymap

interface FastEthernet0

Description Outside Interface

ip address 1.1.1.1 255.255.255.0

speed auto

crypto map mymap

ip nat outside

Interface Ethernet 0

Description Inside Interface

ip nat Inside

Thanks

singhsaju · ‎09-18-2008

Yes you are correct.