Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help with a simulation

Status
Not open for further replies.

mkent51180

Technical User
Mar 14, 2016
2
US
My scenario is this

I have a cisco 1941 router base with an additional card slotted for 1 extra Ethernet port.

I need to put a tunnel on 1 port to a remote site for file server access on a low bandwidth Ethernet connection.
Then i need to route all non tunnel traffic over the additional slotted Ethernet card High band width connection.

I been looking at configs that i think should work but it seems I am missing something. As i cant get the nat translation to match anything other than the Tunnel outside ip address. Any advice would be appreciated.. I am sure i am missing some thing simple. Here is config example...


crypto map match IPSEC traffic

interface GigabitEthernet0/2
description LAN connection
ip address 192.16.42.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/0
Description RAW INTERNET HIGH bandwidth
ip address 1.1.1.1 255.255.252.0
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0
description TUNNEL LOW speed
ip address d2.2.2.2 255.255.252.0
ip nat outside
ip virtual-reassembly
crypto map
speed auto
full-duplex
no cdp enable
!
ip classless
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat inside source list Global_NAT interface GigabitEthernet0/0 overload
0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip access-list extended Global_NAT
deny ip 192.16.42.0 0.0.0.255 172.16.0.0 0.0.7.255
deny ip 192.16.42.0 0.0.0.255 172.16.8.0 0.0.3.255
deny ip 192.16.42.0 0.0.0.255 172.17.0.0 0.0.255.255
deny ip 192.16.42.0 0.0.0.255 172.20.0.0 0.0.15.255
deny ip 192.16.42.0 0.0.0.255 172.26.0.0 0.0.15.255
deny ip 10.168.27.0 0.0.0.255 any
permit ip 192.16.42.0 0.0.0.255 any
permit ip any any
ip access-list extended Tunnel
remark Defines IPSEC traffic
permit ip 192.16.42.0 0.0.0.255 172.16.0.0 0.0.7.255
permit ip 192.16.42.0 0.0.0.255 172.16.8.0 0.0.3.255
permit ip 192.16.42.0 0.0.0.255 172.17.0.0 0.0.255.255
permit ip 192.16.42.0 0.0.0.255 172.20.0.0 0.0.15.255
permit ip 192.16.42.0 0.0.0.255 172.26.0.0 0.0.15.255
deny ip any any
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top