NAT-Route and Separate Internet Traffic

faisalvt0807
Level 1

Hello.....!

Kindly look at my attached network diagram.

Router 1 is connected to our corporate network, 192.168.1.0/24. We are connected to our data centre through an IPSec GRE tunnel VPN.

I want to route all the internet traffic through router 2, but the VPN should keep working the same.

Is it possible? If yes, how?

Router 1 current configuration for your reference:

!
ip route 0.0.0.0 0.0.0.0 dialer1
!
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
interface dialer1
 ip nat outside
!
interface vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!

Philip D'Ath
VIP Alumni

Change the default route on router 1:

ip route 0.0.0.0 0.0.0.0 10.1.55.4

Then on router 1 add a route for the subnets going over the VPN, and for the remote VPN end point to go over dialer 1.

ip route <dc subnet> 255.255.255.0 dialer1
ip route <remote vpn end point> 255.255.255.255 dialer1

Router 1 will no longer require any NAT configuration on it.  Router2 will now need to do NAT for 192.168.1.0/24.

Thank you...!

I have tested your configuration successfully in my real lab environment. However, I am agitated to do it in my production environment because we are using some port forwarding settings.

Can you please explain how to tune it based on our new schema? Here are my current port forwarding settings:

R1

ip nat inside source static tcp 192.168.1.1 83 interface dialer1 83

!

How do I push and pull these services from R2 through R1?

Can you move the port forwards to R2?

Failing that, what about leaving the routing as it was, and move the VPN to R2?

Those are my preferred options, so that one router is dedicated to the VPN.  Failing that we can configure a route-map to re-direct some traffic, but it gets a bit messy.

Well...Thank you...!

Yes, I can move them. I need the port forwarding configuration from you; I'm confused about how to configure it on both routers.

Current configuration:

R1

ip nat inside source static tcp 192.168.1.1 83 interface dialer1 83

How do I change it for the new schema?

Check my thought:

R1

ip nat inside source static tcp 192.168.1.1 83 interface vlan2 83

R2

ip nat inside source static tcp 192.168.1.1 83 interface dialer1 83

Is it correct?

Or on R2: ip nat inside source static tcp 10.1.55.1 83 interface dialer1 83

Please help me..........

Whatever that NAT is on R1, copy it unchanged to R2.

What about R1, is any static NAT required there? Remember my LAN interface is behind R1.

No, just default route everything to R2.  R2 should have a route for the LAN back via R1.
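The route selection described in the answers above (default route to R2, more specific routes for the VPN over dialer1, and a return route on R2 for the LAN), as an added example that is not part of the original thread. It models longest-prefix-match lookup and checks that VPN traffic does not fall through to the default path; the DC subnet and VPN peer addresses are constructed placeholders, and 10.1.55.1 as R1's address on the R1-R2 link is an assumption.

```python
import ipaddress

# Constructed placeholders: the thread never gives the real DC subnet or VPN peer.
DC_SUBNET = "10.20.30.0/24"      # stands in for <dc subnet>
VPN_PEER = "198.51.100.7/32"     # stands in for <remote vpn end point>

# R1 static routes after the change described in the answer.
R1_ROUTES = [
    ("0.0.0.0/0", "10.1.55.4"),   # default route now points at router 2
    (DC_SUBNET, "Dialer1"),
    (VPN_PEER, "Dialer1"),
    ("192.168.1.0/24", "Vlan1"),  # connected LAN
]

# R2 routes; 10.1.55.1 as R1's address on the R1-R2 link is an assumption.
R2_ROUTES = [
    ("0.0.0.0/0", "Dialer1"),
    ("192.168.1.0/24", "10.1.55.1"),  # return path to the LAN via R1
]

def lookup(routes, dst):
    """Return the next hop of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def audit_r1(routes):
    """List findings where VPN traffic would leave via the default path."""
    default_hop = lookup(routes, "203.0.113.1")   # constructed internet host
    findings = []
    peer = VPN_PEER.split("/")[0]
    if lookup(routes, peer) == default_hop:
        findings.append("VPN peer follows the default route")
    dc_host = str(ipaddress.ip_network(DC_SUBNET)[1])
    if lookup(routes, dc_host) == default_hop:
        findings.append("DC subnet follows the default route")
    return findings

if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.20.30.15", "198.51.100.7"):
        print("R1", dst, "->", lookup(R1_ROUTES, dst))
    print("R2 192.168.1.50 ->", lookup(R2_ROUTES, "192.168.1.50"))
    print("audit:", audit_r1(R1_ROUTES) or "ok")
```

Running `audit_r1` against a table that has only the new default route reports both findings, which is the state R1 would be in if the default route were changed before the two dialer1 routes were added.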

Dear Philip,

Thanks a lot.....! We are planning to do these changes this upcoming Sunday and I have got approval from the management.

Wish you all the best.................

Good luck.  You'll be fine.

Yes Success...!

I am coming with another problem. My location is Dubai; we have remote locations in Japan and Moscow, where there is a Cisco 800 series router. In Japan there is no one available for support. I wish to do some configuration changes there, which will really affect my basic connectivity with them.

My question is: is it possible to configure default configuration settings that are checked frequently, like every 10 minutes, and run if there are any changes?

Can you send them a console cable and tell them to plug it into a notebook and the router?  If so, get them to pair the notebook with a SmartPhone, and use a remote control app like TeamViewer.  Then you can take over the machine remotely, out of band, and connect to the console port.

Nooo. There is nobody to support me, and I don't even know Japanese, so it's very hard for me. That's why I am checking for some settings I can do in the router myself.

Is there no option to roll back to the previous configuration after a period of time?

The safest option is to use scheduled reboots.

To tell the router to reboot in 10 minutes:

reload in 10

Then make your change.  If it works, execute:

reload cancel

If it doesn't work, wait out the 10 minutes and the router will reboot undoing the change you just made.

Thank you...! It was useful.
