Hello i have a couple of 3925E routers running HSRP both internaly and externaly.
I cant get them to NAT the traffic though. They just route it out.
I also tried to connect via VPN to se if that worked and it didnt.
Im poundering where im going wrong with this.
Here is the relevant config.
Router1.
interface Port-channel1.62
encapsulation dot1Q 62
ip address 10.56.0.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly in
standby version 2
standby 12 ip 10.56.0.1
standby 12 priority 110
standby 12 preempt
interface Port-channel1.63
description $FW_OUTSIDE$
encapsulation dot1Q 63
ip address x.x.x.135 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
standby 1 ip 193.182.225.134
standby 1 timers msec 500 2
standby 1 priority 110
standby 1 preempt
interface Port-channel1.64
description $FW_DMZ$
encapsulation dot1Q 64
ip address 10.56.2.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
standby 2 ip 10.56.2.1
standby 2 timers msec 500 1
standby 2 priority 110
standby 2 preempt
interface Virtual-Template1 type tunnel
ip unnumbered Port-channel1.63
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
ip nat pool Dynamic x.x.x.137 x.x.x.139 netmask 255.255.255.252
ip nat inside source list 1 pool Dynamic
access-list 1 permit 10.56.2.0 0.0.0.255 log
access-list 1 permit 192.168.46.0 0.0.0.255 log
access-list 1 permit 192.168.40.0 0.0.0.255 log
access-list 1 permit 192.168.49.0 0.0.0.255 log
access-list 1 permit 10.56.0.0 0.0.0.255 log
access-list 1 permit 10.56.1.0 0.0.0.255 log
Router 2
interface Port-channel1.62
encapsulation dot1Q 62
ip address 10.56.0.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip flow ingress
ip nat inside
ip virtual-reassembly in
standby version 2
standby 12 ip 10.56.0.1
standby 12 preempt
!
interface Port-channel1.63
description $FW_OUTSIDE$
encapsulation dot1Q 63
ip address x.x.x.136 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
standby 1 ip 193.182.225.134
standby 1 timers msec 500 2
standby 1 preempt
!
interface Port-channel1.64
description $FW_DMZ$
encapsulation dot1Q 64
ip address 10.56.2.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
standby 2 ip 10.56.2.1
standby 2 timers msec 500 1
standby 2 preempt
interface Virtual-Template2 type tunnel
ip unnumbered GigabitEthernet0/0
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile2
ip nat pool Dynamic x.x.x.137 x.x.x.139 netmask 255.255.255.252
ip nat inside source list 1 pool Dynamic
access-list 1 permit 10.56.2.0 0.0.0.255 log
access-list 1 permit 192.168.46.0 0.0.0.255 log
access-list 1 permit 192.168.40.0 0.0.0.255 log
access-list 1 permit 192.168.49.0 0.0.0.255 log
access-list 1 permit 10.56.1.0 0.0.0.255 log
access-list 1 permit 10.56.0.0 0.0.0.255 log
I cant get it to NAT. Im pressuming im doing something wrong but im lost as to what.
