Is there a way to exempt GRE traffic to be NATed?

ftenerelli
Level 1

I'm trying to establish a DMVPN with a HUB and 2 Spokes, but for the HUB LANs I need to static NAT the firewall outside interface (it is a clearOS machine that acts as the default gateway for the LANs), and whenever I apply the NAT the DMVPN goes down...

Now I'm trying to no-nat the GRE traffic like this:

access-list 101 deny gre any any
access-list 101 permit ip host 10.255.255.2 any
route-map nonat permit 10
match ip address 101
ip nat inside source static 10.255.255.2 X.X.X.X route-map nonat

But still after a

 show ip nat translation | i gre

gre X.X.X.X:0 10.255.255.2:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
gre X.X.X.X:0 10.255.255.2:0 Z.Z.Z.Z:0 Z.Z.Z.Z:0

This is the network diagram; for testing purposes I'm not running it with IPSEC.

Where X.X.X.X is the HUB public IP and YYYY/ZZZZ are the Spokes' public IPs, and 10.255.255.2 is the clearOS outside interface.

I think that if the GRE traffic is prevented from being NATed the problem is solved, but the ACL won't make matches on the first sentence, so I only have internet traffic but no VPN.

Accepted Solutions

Hello.

You are on the right track - you are just missing the "reversible" keyword in the translation.

Hi Vasiliii, thanks a lot, that was the solution!
