cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

419
Views
0
Helpful
0
Replies
Highlighted
Beginner

Tunneling through DUAL NAT

I have a lab set up in GNS3 and I'm trying to set up a tunnel between the Mike router and the Boston router, see pictures for details, but I'm having issues because NAT breaks the end-to-end connectivity. Everything in the left and right box can ping every router in the top box, but no router in the top box can ping the left or right box. The rules of the lab are simple, unless my internet configuration is all jacked up, I can not change the ISP or Internet router, I'm not advertising the 10.0.0.0 or 192.168.147.0 network since these are private IP's and can't be routed through the internet. I'd like to set up DMPVN with IPSEC if possibe, but I'll settle with a GRE tunnel. Below are the configurations for each router

I have access to the Boston, House, Drew and Mike router, if I can set up a tunnel using only these routers it would make my life easier, my company owns the TCS router and I'd have to have the Satcom guys make changes to that router, so I'd prefer if I can set this up without getting them involved.

Router 1-Boston
interface FastEthernet0/0
ip address 87.219.104.210 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 87.219.104.209
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.0.1 192.168.0.1 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255

Router 2-ISP
interface FastEthernet0/0
ip address 87.219.104.209 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0
ip address 103.114.102.2 255.255.255.252
clock rate 2000000
!
router eigrp 10
network 87.219.104.208 0.0.0.3
network 103.114.102.0 0.0.0.3
distribute-list NAT out
no auto-summary
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip access-list standard NAT
!
ip prefix-list NAT seq 5 deny 192.168.0.0/24
!
route-map NAT deny 10
match ip address prefix-list NAT

Router 3-Internet
interface Serial0/0
ip address 103.114.102.1 255.255.255.252
clock rate 192000
!
interface Serial0/1
ip address 204.113.182.1 255.255.255.252
clock rate 192000
!
router eigrp 10
network 103.114.102.0 0.0.0.3
network 204.113.182.0 0.0.0.3
no auto-summary

Router 4-TCS
interface FastEthernet0/0
ip address 192.168.147.1 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 204.113.182.2 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
router eigrp 10
network 192.168.147.0 0.0.0.7
network 204.113.182.0 0.0.0.3
distribute-list 10 out
no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat pool TCS 192.168.147.1 192.168.147.1 netmask 255.255.255.248
ip nat inside source list 1 interface Serial0/0 overload
!
ip prefix-list NAT seq 5 deny 192.168.147.0/29
access-list 1 permit 192.168.147.0 0.0.0.7
!
route-map NAT deny 10
match ip address prefix-list NAT

Router 5-Drew
interface FastEthernet0/0
ip address 192.168.147.3 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.147.1
!
ip http server
no ip http secure-server
ip nat pool DREW 10.0.0.1 10.0.0.1 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255

Router 6-Mike
interface FastEthernet0/0
ip address 10.0.0.129 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!        
!
ip http server
no ip http secure-server
ip nat pool Mike 172.16.0.1 172.16.0.1 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.16.0.0 0.0.0.255

Router 7-House
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!        
interface FastEthernet0/1
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip http server
no ip http secure-server
ip nat pool Home 172.16.0.1 172.16.0.1 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.16.0.0 0.0.0.255

Everyone's tags (5)
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards