08-02-2020 11:07 PM
Router 1
Building configuration...
Current configuration : 1373 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname test
!
!
!
!
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 192.168.134.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
hash md5
!
crypto isakmp key 01.020r address 192.168.133.44
!
!
!
crypto ipsec transform-set 01.020r esp-des esp-md5-hmac
!
crypto map 01.020r 10 ipsec-isakmp
set peer 192.168.133.44
set transform-set 01.020r
match address 100
!
!
!
!
ip ssh time-out 60
ip domain-name test.com
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.133.17 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map 01.020r
!
interface Vlan1
no ip address
shutdown
!
ip nat pool 01.020r 192.168.133.17 192.168.133.17 netmask 255.255.255.0
ip nat inside source list 10 pool 01.020r overload
ip classless
!
ip flow-export version 9
!
!
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.30.0 0.0.0.255
!
banner motd ^C
ex
^C
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
test#
test con0 is now available
Press RETURN to get started.
ex
test>
test>
test>
test>en
test#conf t
Enter configuration commands, one per line. End with CNTL/Z.
test(config)#
test(config)#
test(config)#ex
test#
%SYS-5-CONFIG_I: Configured from console by console
test#
test#sh
test#sh ru
test#sh running-config
Building configuration...
Current configuration : 1373 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname test
!
!
!
!
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 192.168.134.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
hash md5
!
crypto isakmp key 01.020r address 192.168.133.44
!
!
!
crypto ipsec transform-set 01.020r esp-des esp-md5-hmac
!
crypto map 01.020r 10 ipsec-isakmp
set peer 192.168.133.44
set transform-set 01.020r
match address 100
!
!
!
!
ip ssh time-out 60
ip domain-name test.com
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.133.17 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map 01.020r
!
interface Vlan1
no ip address
shutdown
!
ip nat pool 01.020r 192.168.133.17 192.168.133.17 netmask 255.255.255.0
ip nat inside source list 10 pool 01.020r overload
ip classless
!
ip flow-export version 9
!
!
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.30.0 0.0.0.255
!
banner motd ^C
ex
^C
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router 2
Building configuration...
Current configuration : 1338 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 192.168.134.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp key 06.010r address 192.168.133.17
!
!
!
crypto ipsec transform-set 06.010r esp-des esp-md5-hmac
!
crypto map 06.010r 10 ipsec-isakmp
set peer 192.168.133.17
set transform-set 06.010r
match address 100
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.133.44 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map 06.010r
!
interface Vlan1
no ip address
shutdown
!
ip nat pool 06.010r 192.168.133.44 192.168.133.44 netmask 255.255.255.0
ip nat inside source list 10 pool 06.010r overload
ip classless
!
ip flow-export version 9
!
!
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.30.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#
Router con0 is now available
Press RETURN to get started.
Router>
Router>
Router>
Router>
Router>en
Router#sh ru
Router#sh running-config
Building configuration...
Current configuration : 1338 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 192.168.134.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp key 06.010r address 192.168.133.17
!
!
!
crypto ipsec transform-set 06.010r esp-des esp-md5-hmac
!
crypto map 06.010r 10 ipsec-isakmp
set peer 192.168.133.17
set transform-set 06.010r
match address 100
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.133.44 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map 06.010r
!
interface Vlan1
no ip address
shutdown
!
ip nat pool 06.010r 192.168.133.44 192.168.133.44 netmask 255.255.255.0
ip nat inside source list 10 pool 06.010r overload
ip classless
!
ip flow-export version 9
!
!
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.30.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Best Regards
08-02-2020 11:54 PM
Hi,
It seems that a subnet 192.168.30.0/24 is overlapping at both sides. So you need NATing as an extra configuration.
You can guide a detailed guide here:
08-03-2020 03:25 AM
Hello,
did you not have this same issue resolved a few days ago ? You said you had configured twice NAT on one side, I don't see that in any of the configs you have posted ?
08-03-2020 05:11 AM
Hey @Georg Pauwen the issue is not yet resolved. NAT was configured on both Routers. I d'ont really get it when you say "configuring twice NAT on one side" Can you please explain ? Based on the Network diagram ?
08-04-2020 05:35 AM
Hi,
Share your lab in the attachments.
08-04-2020 06:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide