hi blau

Your guess isok.

Remote site is out of my control.

1. when i ping to 172.30.30.1 from my pc 192.168.7.31 no reply.  why  ???

2. when i set local interface as 172.30.30.2 and pc 172.30.30.1, I get reply form remote server and all ok means no routing issue at remote site ????

i think issue is no 1.

pls suggest

shahid

If you could post some picture of your topology, it would be helpful. I do not know where 172.30.30/24 network lies.

It still could be routing issue:

- in first case source and destination IPs are not on same subnet, so routing must be involved.

- in second case src and dst IPs are on same subnet, so routing is eliminated

Best Regards

Please rate helpful posts

my terget is:

1. need to get 10.0.0.5 from 192.168.7.31

2. 10.0.0.5 need to get 192.168.7.31,but i need to nat 192.168.7.31 to 172.30.30.1 as i want to hide my local server IP.

i can not get 172.30.30.1 and 10.0.0.5  from 192.168.7.31 after nating.

plz help

It looks like very simple scenario.

my site router

int gi0/0

ip nat outside

int gi0/4

ip nat inside

ip nat inside source route-map MAP_NAT interface gi0/0

route-map MAP_NAT permit 10

match ip address NAT_ACL

ip access-list extended NAT_ACL

permit ip 192.168.7.0 0.0.0.255 10.0.0.0 0.0.0.255

deny   ip any any

you can customize ACL as you need, basicaly entire packet with source IP from 192.168.7.0/24 to 10.0.0.0/24 will be translated to IP of interface gi0/0.

This means that remote router should know this network (I assume from topology that both routers are directly connected and are on same subnet).

Make sure that server 10.0.0.5 has correctly set up gateway to route unknown traffic to remote router.

Best Regards

Please rate helpful posts

its acutally simple. but  ?????. all ur assumption is ok.

i dont understant the nat :

ip nat inside source route-map MAP_NAT interface gi0/0

in fact, when i use ur configuration, no nat shows in show ip nat tr.

Shahid

Chk for reverse route for 172.30.30.X in your Remote site Router. How this route is getting advertised in OSPF.Do U have any Loopback created for this network/IP adress.Appreciate if you can paste the configs of both ends .Its should not be that much Complicated

Hi  nandi

Here are my config:

interface Tunnel3205

description ## B..........##

ip address 172.28.3.34 255.255.255.252

ip ospf message-digest-key 88 md5 nnnnnnnn

ip ospf cost 1

ip nat outside

tunnel source 172.29.97.16

tunnel destination 172.29.97.1

!

interface gi 1

  ip address 192.168.7.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

           interface GigabitEthernet0

description Bnnnn_WAN_interface

ip address 172.29.97.16 255.255.255.224

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map bdcom-VPN

!

         router ospf 88

area 0 authentication message-digest

network 172.28.3.32 0.0.0.3 area 0

network 172.29.97.0 0.0.0.31 area 0

network 172.30.30.0 0.0.0.7 area 0

!

ip nat inside source static 192.168.7.31 172.30.30.1

!

ip access-list extended BB-nnnnnnnn

permit gre host 172.29.97.16 host 172.29.97.1

permit gre host 172.30.30.1 host 10.210.1.8

** how i check my loopback network ??? may be a problem in loobpack.

Thanking You

hi nandi

u r great !!!!!

it ok.

thanks

shahid

:-) Happy it worked for you .