
1710 with VPN and NAT

Status
Not open for further replies.

Tesch

Programmer
Jun 21, 2002
I am working with a CISCO 1710, trying to connect it through a VPN to a 1720 across the internet. However, the NAT doesn't seem to be working right. When I do a traceroute, the message dies as soon as it gets out of my router, because it's a private address (for my network, and the one I'm trying to connect to). Does anyone know anything about the NAT commands for the 1710, or have any clue how I can get it to work? (Sorry it is so vague... ask me if you need more detail on any part of it.)
 
Post a config of your NAT programming.

Your Ethernet should have (ip nat inside)
Your serial should have (ip nat outside)
You need to set a statement such as
(ip nat inside source list 1 interface serial1 overload)
(access-list 1 permit any)
(ip route 0.0.0.0 0.0.0.0 next hop ip address)

“Reserve your right to think, for even to think wrongly is better than not to think at all”

Fisher CCNA,(CCNP-Routing)
UOP Student BSIT
[americanflag]
 
You are not trying to traceroute into your NAT-masqueraded private net, of course, right? You are performing a traceroute from a NAT-hidden host to an external public host, correct?
 
I am trying to create a VPN tunnel from one private network to the other. I do have to use NAT to do this, right?
 
You have to exclude the VPN traffic from the NAT process.

router 1
private ip 192.168.1.32/24
public IP 194.7.1.1 (just an example)
internet connection through ADSL (interface ATM0.1)

router 2
private ip 192.168.2.32/24
public ip 217.136.1.1 (just an example)
internet connection through leased line (interface Serial0)



On router 1 you have to exclude all traffic to 192.168.2.32 from the NAT process:
--- Begin cisco code ---
access-list 101 remark --- Do not NAT VPNpool range ---
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source route-map nonat interface ATM0.1 overload
route-map nonat permit 10
match ip address 101
--- End cisco code ---


On router 2, do the same:
--- Begin cisco code ---
access-list 101 remark --- Do not NAT VPNpool range ---
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source route-map nonat interface Serial0 overload
route-map nonat permit 10
match ip address 101
--- End cisco code ---


Hope this helps

Pieter
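The two configurations in this thread (Fisher's "NAT everything from inside" standard ACL, and Pieter's route-map ACL that denies the VPN peer range before permitting the rest) differ only in which packets the NAT access list matches. The script below is an added example, not code from any poster or from Cisco: it is an offline model of that first-match ACL evaluation, with the ACL text copied in shape from the thread and the packet flows, the `ACL_MISORDERED` variant and the `198.51.100.7` internet host constructed for illustration. It shows why entry order matters: with the deny line placed after the permit line, traffic to the remote LAN is translated and the tunnel breaks, exactly the symptom the original poster describes.

```python
"""Offline model of how an IOS NAT access list decides which packets get translated.

The ACL text and flows below are constructed for this example, shaped after the
configurations in the thread; no router is contacted and nothing here is Cisco code.
"""
import ipaddress
from typing import List, Tuple

Entry = Tuple[str, ipaddress.IPv4Network, ipaddress.IPv4Network]

# First reply's approach: standard ACL, everything leaving the inside interface is translated.
ACL_NAT_ALL = "access-list 1 permit any"

# Pieter's router-1 approach: deny (bypass NAT) the VPN peer range first, then permit the rest.
ACL_ROUTER1 = """
access-list 101 remark --- Do not NAT VPNpool range ---
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""

# Same two entries in the wrong order (constructed mistake): the permit matches first,
# so the tunnel traffic is translated and the remote peer never sees the private source.
ACL_MISORDERED = """
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert an IOS address/wildcard pair (0 bit = must match) into a network.
    Assumes a contiguous wildcard, which is all the thread's entries use."""
    netmask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(netmask)}", strict=False)

def parse_address(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume one address spec ('any', 'host A', or 'A WILDCARD') and return the leftover tokens."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(f"{tokens[1]}/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]

def parse_acl(text: str) -> List[Entry]:
    """Parse numbered standard (source only) and extended 'ip' ACL lines, keeping their order."""
    entries: List[Entry] = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        action = tokens[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line}")
        if tokens[3] == "ip":                       # extended: source then destination
            src, rest = parse_address(tokens[4:])
            dst, _ = parse_address(rest)
        else:                                       # standard: source only, any destination
            src, _ = parse_address(tokens[3:])
            dst = ipaddress.IPv4Network("0.0.0.0/0")
        entries.append((action, src, dst))
    return entries

def nat_decision(entries: List[Entry], src_ip: str, dst_ip: str) -> str:
    """First matching entry wins. 'permit' feeds the route-map, so the packet is translated;
    'deny' (or the implicit deny at the end of every ACL) leaves it untranslated for the VPN."""
    src = ipaddress.IPv4Address(src_ip)
    dst = ipaddress.IPv4Address(dst_ip)
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return "translate" if action == "permit" else "bypass"
    return "bypass"

# Constructed flows: one toward the VPN peer's LAN, one toward an internet host.
FLOWS = [("192.168.1.10", "192.168.2.20"), ("192.168.1.10", "198.51.100.7")]

def decisions(acl_text: str) -> List[str]:
    """Evaluate every constructed flow against one ACL; returns one verdict per flow."""
    entries = parse_acl(acl_text)
    return [nat_decision(entries, s, d) for s, d in FLOWS]

if __name__ == "__main__":
    for name, acl in (("nat-all", ACL_NAT_ALL), ("router1", ACL_ROUTER1), ("misordered", ACL_MISORDERED)):
        for (s, d), verdict in zip(FLOWS, decisions(acl)):
            print(f"{name:10} {s} -> {d}: {verdict}")
```

Running it shows `nat-all` translating both flows (the state the original poster is in), `router1` bypassing the flow to 192.168.2.20 while still translating the internet-bound one, and `misordered` translating both again. On a real router the same check is `show ip nat translations` after sending traffic to the remote LAN: an entry for the VPN peer's range means the exclusion is not matching.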
 