Hi everyone, and sorry for my poor English :)
In our office we have a Cisco 1900 series with IOS 15.2. We used to use GE0/0 for the internet with a fixed public IP, and GE0/1 for our local network 10.213.16.0/24. We use Tunnel1 with another company for VoIP SIP communication services.
It's a very simple configuration and everything has worked great so far! But now we are moving to another internet provider (from WiMAX to an optical fiber multiservice network (NGN)). With this new provider, we can't directly use the public IP on the GE0/0 interface; we have to use a LAN IP and create a NAT pool with the public IP to get access to the internet.
The issue is that we need to reconfigure our Tunnel1 for the SIP communication services. I think that we can't directly use our public IP in the tunnel like before! I can't really do tests because our VoIP provider takes up to 72 hours to change our IP in their tunnel configuration. If something goes wrong, we will need to go back to the previous tunnel configuration with the old ISP, and again wait for 72 hours to be back in business...
I need some help before asking our SIP provider for the tunnel reconfiguration (I asked them the same questions, but I am still waiting for their answers).
Here is our router configuration:
!
interface Tunnel1
 description TH2
 ip address x.x.x.x 255.255.255.252
 tunnel source 'Our_Public_Ip_With_Old_Wimax_Provider'
 tunnel destination 'Voip_Provider_Ip'
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ! Our New ISP with Lan ip
 ip address 192.168.163.24 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.213.16.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
! Our New ISP with Public ip pool y.y.y.y
ip nat pool pool1 y.y.y.y y.y.y.y netmask 255.255.255.252
ip nat inside source list 102 pool pool1 overload
! Our New ISP LAN Gateway
ip route 0.0.0.0 0.0.0.0 192.168.163.23
! VOIP Tunnel
ip route 192.168.76.0 255.255.255.0 Tunnel1
!
access-list 1 permit 10.213.16.0 0.0.0.255
access-list 102 permit ip 10.213.16.0 0.0.0.255 any
!
control-plane
!
I am wondering how to configure the tunnel with this new ISP. I read that I may have to use a loopback interface with NAT or something like that. I am not good with this kind of thing...
Thank you very much for reading, any help would be much appreciated :)
If you need more information, I will give it to you guys.
Have a nice day.
Use the configuration like this:
interface Tunnel1
 description TH2
 ip address x.x.x.x 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 'Voip_Provider_Ip'
Keep in mind that your ISP modem must forward "port 1723" or "GRE protocol port 47" to your router's WAN IP address, and you must have a valid default route toward the ISP router.
Who is your ISP? I guess if your tunnel source interface has a LAN IP address, you cannot use that as a tunnel source anymore. The other side also has a problem... which IP address are they using as the tunnel destination?
Share the name of the ISP, they may have some online documentation on how to set this up...
Thank you for the answers. Sadly, there is no documentation at all! The ISP is Algerie Telecom.
@Deepak kumar Thank you, but sorry, I am not sure I understand what you are saying. Is this a configuration to do on my side, on my Cisco router, or is it my ISP who has to do this on their side?
I am trying to get another tunnel for testing, so I can try some experimentation without impacting the work.
Thank you again!
As I see it, your ISP is giving you a private IP on your edge router, which means that somewhere your ISP is doing NAT. So your ISP must forward some ports from outside to inside (toward your router's WAN interface) so that our remote end router can initiate the tunnel negotiation. As Cisco GRE works on port 1723, your ISP must do the port forwarding from the WAN IP to your router's WAN IP address (WAN interface IP address). This means your ISP router must do port forwarding for GRE.
On your local router, it is only required to change the source IP address. I recommend assigning the source interface, as follows:
interface tunnel 4
tunnel source gig0/0 ------> gig0/0 is the WAN interface for your local router.
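To illustrate the forwarding question discussed in this thread, here is an added example (not part of any poster's reply) that reads two constructed IPv4 packets the way a NAT device would. It relies on GRE being IP protocol 47 with no TCP/UDP port fields; the addresses are documentation ranges and the function names are illustrative.

```python
import socket
import struct

PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre"}  # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Prepend a minimal 20-byte IPv4 header (checksum left 0 in this sample)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def describe(packet):
    """Return (protocol, destination port) as a NAT device can read them."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # protocol field of the IPv4 header
    dport = None
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return PROTO_NAMES.get(proto, str(proto)), dport

def matches_port_forward(packet, rule_proto, rule_port):
    """True if a 'forward <proto> <port>' rule would select this packet."""
    return describe(packet) == (rule_proto, rule_port)

# Constructed samples: remote tunnel endpoint -> public address.
REMOTE, PUBLIC = "203.0.113.10", "198.51.100.2"
gre_hdr = struct.pack("!HH", 0x0000, 0x0800)   # flags/version, payload = IPv4
GRE_PACKET = ipv4(47, REMOTE, PUBLIC, gre_hdr + b"\x00" * 20)
tcp_hdr = struct.pack("!HHIIHHHH", 40000, 1723, 0, 0, (5 << 12) | 0x02,
                      65535, 0, 0)             # SYN to TCP port 1723
TCP_1723 = ipv4(6, REMOTE, PUBLIC, tcp_hdr)

if __name__ == "__main__":
    for label, pkt in (("GRE", GRE_PACKET), ("TCP/1723", TCP_1723)):
        print(label, describe(pkt),
              "matched by tcp/1723 forward:",
              matches_port_forward(pkt, "tcp", 1723))
```

The GRE packet exposes only a protocol number, so a NAT rule can select it by IP protocol 47 but not by a TCP or UDP port.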
Thank you @Deepak kumar :), it is much clearer now!
I think that I can forward ports directly on my side. I have tried to forward the FTP port and some others (5060) to test if they were open, and it worked. I used the classic:
ip nat inside source static tcp 10.213.16.251 21 public_Ip 21 extendable
Does this information add something interesting or not? Or was it just luck because my ISP already forwards these 'known ports'? I will try to go to work this afternoon to retry, maybe with another port.
@Georg Pauwen Bonjour :), Hello! Yes, this is exactly what we have! But the support is very poor :(.
Thank you again guys for helping me :)
I am looking at the site of Algerie Telecom and I assume this is what you have?
I'll see if I can find something more...