
GRE Tunnel Behind NAT Device

Hi guys, I'm a little bit confused with a project and I need your help. In the topology below I want to create a GRE tunnel for R1 & R3. The problem is with R2 (NAT): in R2 I set up a static NAT entry (ip nat inside source static 192.168.5.210 int fa 0/1). When at first I try to ping the R3 tunnel IP address from R1, all is OK: R2 creates a NAT map and R3 can communicate with R1 via the tunnel. But when I tried to initiate the tunnel from the R3 side, the tunnel wasn't established. I get some debug messages (debug tunnel, ip packet, ip nat) from all routers. When I start communication from R1 and the ping succeeds:

Debug output from R1:

R1#ping 11.0.0.1 rep
R1#ping 11.0.0.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 128/128/128 ms
R1#
*May 15 17:04:36.019: IP: s=11.0.0.2 (local), d=11.0.0.1, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:36.023: IP: tableid=0, s=11.0.0.2 (local), d=11.0.0.1 (Tunnel1), routed via FIB
*May 15 17:04:36.023: IP: s=11.0.0.2 (local), d=11.0.0.1 (Tunnel1), len 100, sending
*May 15 17:04:36.031: IP: s=11.0.0.2 (local), d=11.0.0.1 (Tunnel1), len 100, sending full packet
*May 15 17:04:36.035: Tunnel1: GRE/IP encapsulated 192.168.5.210->4.4.4.2 (linktype=7, len=124)
*May 15 17:04:36.035: IP: s=192.168.5.210 (local), d=4.4.4.2 (FastEthernet0/0), len 124, sending
*May 15 17:04:36.039: NAT: GRE port: 0 - [0]
*May 15 17:04:36.043: IP: s=192.168.5.210 (local), d=4.4.4.2 (FastEthernet0/0), len 124, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:36.047: IP: s=192.168.5.210 (local), d=4.4.4.2 (FastEthernet0/0), len 124, sending
*May 15 17:04:36.055: IP: s=192.168.5.210 (local), d=4.4.4.
R1#2 (FastEthernet0/0), len 124, sending full packet
*May 15 17:04:36.059: Tunnel1 count tx, adding 0 encap bytes
*May 15 17:04:36.107: NAT*: GRE port: 0 - [7]
*May 15 17:04:36.111: ipv4 decap oce used, oce_rc=0x1 tunnel Tunnel1
*May 15 17:04:36.111: NAT*: GRE port: 0 - [7]
*May 15 17:04:36.111: ipv4 decap oce used, oce_rc=0x1 tunnel Tunnel1
*May 15 17:04:36.119: IP: s=4.4.4.2 (FastEthernet0/0), d=192.168.5.210, len 124, input feature, MCI Check(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:36.123: IP: s=4.4.4.2 (FastEthernet0/0), d=192.168.5.210, len 124, rcvd 2
*May 15 17:04:36.123: IP: s=4.4.4.2 (FastEthernet0/0), d=192.168.5.210, len 124, stop process pak for forus packet
*May 15 17:04:36.127: Tunnel1: GRE/IP (PS) to decaps 4.4.4.2->192.168.5.210 (tbl=0,"default" len=124 ttl=252)
*May 15 17:04:36.131: Tunnel1: GRE decapsulated IP packet (linktype=7, len=100)
*May 15 17:04:36.135: IP: s=11.0.0.1 (Tunnel1), d=11.0.0.2, len 100, input feature, M
R1#CI Check(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:36.139: IP: s=11.0.0.1 (Tunnel1), d=11.0.0.2, len 100, rcvd 2
*May 15 17:04:36.139: IP: s=11.0.0.1 (Tunnel1), d=11.0.0.2, len 100, stop process pak for forus packet
R1#

At the same time, R2 debug output:

R2#
*May 15 17:03:25.327: NAT*: GRE port: 0 - [0]
*May 15 17:03:25.327: NAT: Entry assigned id 2
*May 15 17:03:25.327: NAT*: s=192.168.5.210->1.1.1.1, d=4.4.4.2 [0]
*May 15 17:03:25.399: NAT*: GRE port: 0 - [7]
*May 15 17:03:25.399: NAT*: s=4.4.4.2, d=1.1.1.1->192.168.5.210 [7]
R2#

And at the same time, R3 debug output:

R3#     
*May 15 17:04:25.371: NAT*: GRE port: 0 - [0]
*May 15 17:04:25.375: NAT: GRE port: 0 - [0]
*May 15 17:04:25.375: IP: s=1.1.1.1 (Serial1/0), d=4.4.4.2, len 124, input feature, NAT Outside(78), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.379: IP: s=1.1.1.1 (Serial1/0), d=4.4.4.2, len 124, input feature, MCI Check(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.383: IP: s=1.1.1.1 (Serial1/0), d=4.4.4.2, len 124, rcvd 2
*May 15 17:04:25.387: IP: s=1.1.1.1 (Serial1/0), d=4.4.4.2, len 124, stop process pak for forus packet
*May 15 17:04:25.391: Tunnel1: GRE/IP (PS) to decaps 1.1.1.1->4.4.4.2 (tbl=0,"default" len=124 ttl=252)
*May 15 17:04:25.391: Tunnel1: GRE decapsulated IP packet (linktype=7, len=100)
*May 15 17:04:25.395: IP: s=11.0.0.2 (Tunnel1), d=11.0.0.1, len 100, input feature, MCI Check(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.399: IP: s=11.0.0.2 (Tunnel1), d=11.0.0.1, l
R3#en 100, rcvd 2
*May 15 17:04:25.403: IP: s=11.0.0.2 (Tunnel1), d=11.0.0.1, len 100, stop process pak for forus packet
*May 15 17:04:25.407: IP: s=11.0.0.1 (local), d=11.0.0.2, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.411: IP: tableid=0, s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), routed via FIB
*May 15 17:04:25.411: IP: s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), len 100, sending
*May 15 17:04:25.419: IP: s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), len 100, sending full packet
*May 15 17:04:25.423: Tunnel1: GRE/IP encapsulated 4.4.4.2->1.1.1.1 (linktype=7, len=124)
*May 15 17:04:25.423: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, sending
*May 15 17:04:25.423: NAT: GRE port: 0 - [7]
*May 15 17:04:25.423: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.423: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), l
R3#en 124, sending
*May 15 17:04:25.423: NAT: GRE port: 0 - [7]
*May 15 17:04:25.423: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, output feature, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:04:25.427: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, sending full packet
*May 15 17:04:25.427: Tunnel1 count tx, adding 0 encap bytes

 

**IF I CLEAR IP NAT TRANSLATIONS IN R2 AND TRY TO PING FROM THE R3 SIDE, THE PING DOESN'T SUCCEED AND I GET THIS DEBUG OUTPUT**

I get this from R3:

R3#ping 11.0.0.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:

*May 15 17:08:09.727: IP: s=11.0.0.1 (local), d=11.0.0.2, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:08:09.731: IP: tableid=0, s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), routed via FIB
*May 15 17:08:09.731: IP: s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), len 100, sending
*May 15 17:08:09.739: IP: s=11.0.0.1 (local), d=11.0.0.2 (Tunnel1), len 100, sending full packet
*May 15 17:08:09.743: Tunnel1: GRE/IP encapsulated 4.4.4.2->1.1.1.1 (linktype=7, len=124)
*May 15 17:08:09.747: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, sending
*May 15 17:08:09.751: NAT: GRE port: 0 - [8]
*May 15 17:08:09.751: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:08:09.755: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, sending
*May 15 17:08:09.755: NAT: GRE port: 0 - [8]
*May 15 17:08:09.755: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, output feature, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:08:09.755: IP: s=4.4.4.2 (local), d=1.1.1.1 (Serial1/0), len 124, sending full packet
*May 15 17:08:09.755: Tunnel1 count tx, adding 0 encap bytes.
Success rate is 0 percent (0/1)
R3#

 

And this from R2:

R2#
*May 15 17:07:09.735: NAT*: GRE port: 0 - [8]
*May 15 17:07:09.735: NAT*: GRE port: 0 - [8]
*May 15 17:07:09.735: NAT*: GRE port: 0 - [8]
*May 15 17:07:09.735: NAT*: GRE port: 0 - [8]
*May 15 17:07:09.743: NAT: GRE port: 0 - [8]
*May 15 17:07:09.743: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, input feature, NAT Outside(78), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:07:09.747: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, input feature, MCI Check(92), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*May 15 17:07:09.751: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, rcvd 2
R2#
*May 15 17:07:09.755: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, stop process pak for forus packet
R2#

 

And nothing from R1.

 

Another problem is that when I want to make the tunnel with no static NAT (in R2) but with port forwarding (port 1723) or NAT overload, the tunnel can't be established from either side.
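An added example, not part of the original post: a small Python parser that reads the R2 debug lines quoted above and reports whether a packet addressed to R2's outside address 1.1.1.1 had its destination rewritten by NAT or was handled by R2 as its own packet. The function names are hypothetical, and reading `stop process pak for forus packet` as local delivery on the router is an assumption about the debug output.

```python
import re

# Lines copied from the R2 debug output in the post above.
R2_R1_INITIATES = """\
*May 15 17:03:25.327: NAT*: GRE port: 0 - [0]
*May 15 17:03:25.327: NAT: Entry assigned id 2
*May 15 17:03:25.327: NAT*: s=192.168.5.210->1.1.1.1, d=4.4.4.2 [0]
*May 15 17:03:25.399: NAT*: GRE port: 0 - [7]
*May 15 17:03:25.399: NAT*: s=4.4.4.2, d=1.1.1.1->192.168.5.210 [7]
"""
R2_R3_INITIATES = """\
*May 15 17:07:09.735: NAT*: GRE port: 0 - [8]
*May 15 17:07:09.743: NAT: GRE port: 0 - [8]
*May 15 17:07:09.751: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, rcvd 2
*May 15 17:07:09.755: IP: s=4.4.4.2 (FastEthernet0/1), d=1.1.1.1, len 124, stop process pak for forus packet
"""

# "NAT*: s=A->B, d=C [id]" or "NAT*: s=A, d=C->D [id]": "->" marks a rewritten address.
REWRITE = re.compile(
    r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")
# "debug ip packet" line for a packet the router keeps for itself (assumed meaning).
FORUS = re.compile(
    r"IP: s=([\d.]+) \(\S+\), d=([\d.]+), len \d+, stop process pak for forus packet")

def nat_rewrites(log):
    """Return (field, before, after) for every address the NAT debug shows rewritten."""
    out = []
    for m in REWRITE.finditer(log):
        src, new_src, dst, new_dst, _ = m.groups()
        if new_src:
            out.append(("src", src, new_src))
        if new_dst:
            out.append(("dst", dst, new_dst))
    return out

def inbound_fate(log, outside_ip):
    """Classify what happened to packets addressed to the NAT outside address."""
    for field, before, after in nat_rewrites(log):
        if field == "dst" and before == outside_ip:
            return "translated to " + after
    if any(m.group(2) == outside_ip for m in FORUS.finditer(log)):
        return "consumed by NAT router"
    return "no evidence in log"

if __name__ == "__main__":
    print("R1 initiates:", inbound_fate(R2_R1_INITIATES, "1.1.1.1"))
    print("R3 initiates:", inbound_fate(R2_R3_INITIATES, "1.1.1.1"))
```

Run against the two captures, the R1-initiated case shows the destination rewrite to 192.168.5.210, while the R3-initiated case shows no rewrite line and the packet stopping on R2, which matches R1 logging nothing.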

 

 

 
