Solved: Re: NAT all Lan range traffic to Tunnel - Source NAT cisco router C290

omid-nami · ‎01-14-2024

Hi,

I need to NAT LAN range to a single IP tunnel:

this is my config:

LAN Range: 192.168.180.0/24 (Gi 0/2)

WAN: 172.21.21.208/252 (Gi 0/1)

Tunnel IP's: 192.168.226.177/252

Destination network to connect through the tunnel: 172.17.100.0/24

the tunnel is UP and I can ping 192.168.226.177 (another side of the tunnel) from LAN, but I cannot reach 172.17.100.0/24 range

this is my running config:

interface Tunnel680
ip address 192.168.226.178 255.255.255.252
ip access-group 101 in
ip nat outside
ip virtual-reassembly in
tunnel source 172.21.21.210
tunnel destination 172.17.11.30
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.21.21.210 255.255.255.252
ip access-group 101 in
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2

ip address 192.168.180.1 255.255.255.0

ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface Tunnel680 overload
ip route 0.0.0.0 0.0.0.0 172.21.21.209
access-list 101 permit ip any any
access-list 101 permit ip 172.17.100.0 0.0.0.255 any

please help me to solve the problem

MHM Cisco World · ‎01-14-2024

access-list 101 permit ip any any <<- remove this

Second there is no traffic route toward the tunnel ??
MHM

View solution in original post

M02@rt37 · ‎01-14-2024

Hello @omid-nami

You need two things regarding static routes:

1 for tunnel is up:

ip route 172.17.11.30 255.255.255.255 172.21.21.209

Second one in order to route flow through the tunnel:

ip route 0.0.0.0 0.0.0.0 tunnel680

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

M02@rt37 · ‎01-14-2024

Hello @omid-nami

As concerned your default route: ip route 0.0.0.0 0.0.0.0 172.21.21.209

It should be ip route 0.0.0.0 0.0.0.0 tunnel680 ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

omid-nami · ‎01-14-2024

Hi,

if I change default route from wan's GW to the tunnel, Tunnel goes down

M02@rt37 · ‎01-14-2024

Hello @omid-nami

You need two things regarding static routes:

1 for tunnel is up:

ip route 172.17.11.30 255.255.255.255 172.21.21.209

Second one in order to route flow through the tunnel:

ip route 0.0.0.0 0.0.0.0 tunnel680

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

omid-nami · ‎01-14-2024

Thank you so much, now all traffic goes to the tunnel, but Still cannot reach 172.17.100.0/24, whats wrong???

M02@rt37 · ‎01-14-2024

You're welcome @omid-nami

On the other router, what about the routing ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

omid-nami · ‎01-14-2024

The other router is in headquarter office and I dont have access to the configuration, they just sent me wan and tunnel IP's, I want to be sure of my routers configuration, then call them for trobleshoot

best regards

MHM Cisco World · ‎01-14-2024

access-list 101 permit ip any any <<- remove this

Second there is no traffic route toward the tunnel ??
MHM

omid-nami · ‎01-14-2024

I've tried this:

Ip route 172.17.100.0 255.255.255.0 192.168.226.177

but it doesnt work

NAT all Lan range traffic to Tunnel - Source NAT cisco router C2900