Two GRE tunnels in three routers and NAT questions

sir_ulrick · ‎09-19-2019

Hi everyone,

I'm testing a infrastructure with 3 routers with Gree communication between them. Router1 has a GRE static tunnel with R2 and another one with R3. R2 has a tunnel with R1 and R3 routers and R3 with R2 and R1. This section work good.

R1:

interface Tunnel2

ip address 1.1.1.1 255.255.255.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.20.2

!

interface Tunnel3

ip address 2.2.2.1 255.255.0.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.30.2

R2:

interface Tunnel1

ip address 1.1.1.2 255.255.255.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.10.2

!

interface Tunnel3

ip address 3.3.3.2 255.255.255.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.30.2

!

R3:

interface Tunnel1

ip address 2.2.2.2 255.255.255.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.10.2

!

interface Tunnel2

ip address 3.3.3.1 255.255.255.0

mtu 1476

tunnel source FastEthernet0/0

tunnel destination 10.1.20.2

!

With this configuration GRE communication works good, all tunnels are up and ping between them are working but I don't know if I can check this using a different command o packet tracer to validate data flow through GRE tunnel ( I can't use ping source from packet tracert , only I can see a ping to private tunnel is working and of sh int tunnel1 results

But mainly, my question is how can communicate pc1 with pc2 or 3 if all have the same ip address? I mean, this topology is a basic configuration of internet, where nat is used, but in this case each pc can begin a communication with a different computer. Normally, a pc should attack to nat ip, and not computer pc. For instance, r1 wants communicate with r2, when this request arrive to r1, this add ip header, and this ip header will have now new ip direcction but, how it can know r1 if communication must flow to ip of r2 or r3? because both routers advertise same ip.

Thanks a lot for your help!!

Richard Burts · ‎09-19-2019

Having the same IP address on each of the PC does present a challenge. The obvious solution is some type of address translation. If you implement dynamic translation it would translate for outbound traffic and would allow the PC to initiate traffic to outside resources. But it would not work from traffic initiated from outside resources to the PC. So you will want to configure a static nat on each of the routers for its connected PC.

HTH

Rick

HTH

Rick

sir_ulrick · ‎09-20-2019

Thanks for you reply Richards,

using a NAT, I think that I could n't to to ping from pc1 to pc3 using local ip's, else I need to use nated ip, right?

Is it necessary to change a ip route configuration after to add NAT?

Richard Burts · ‎09-20-2019

Yes you would use the natted IP. We do not have any information about the routing logic used for this network. But it would be logical to assume that you will need to add an ip route statement for the netted address.

HTH

Rick

HTH

Rick

sir_ulrick · ‎09-21-2019

Hi,

here you are attached the complete enviroment. I have a ip route 0.0.0.0 about the unique outside interface, so for this reason I don't think that be necessary adding a new route, I can see correct route from sh ip route. Currently, with this configuration, I can't ping from a ramdon device to nated ip of different pc.

Georg Pauwen · ‎09-19-2019

Hello,

in addition to Richard's post, if possible post the Packet Tracer project (.pkt) file...zip it first otherwise you cannot upload it here...

sir_ulrick · ‎09-21-2019

Thanks a lot for your reply Georg. I have attached file in the other reply