mkent51180
Technical User
My scenario is this:
I have a Cisco 1941 router base with an additional card slotted for 1 extra Ethernet port.
I need to put a tunnel on 1 port to a remote site for file server access on a low-bandwidth Ethernet connection.
Then I need to route all non-tunnel traffic over the additional slotted Ethernet card high-bandwidth connection.
I have been looking at configs that I think should work, but it seems I am missing something, as I can't get the NAT translation to match anything other than the tunnel outside IP address. Any advice would be appreciated. I am sure I am missing something simple. Here is a config example:
crypto map match IPSEC traffic
interface GigabitEthernet0/2
description LAN connection
ip address 192.16.42.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/0
Description RAW INTERNET HIGH bandwidth
ip address 1.1.1.1 255.255.252.0
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0
description TUNNEL LOW speed
ip address d2.2.2.2 255.255.252.0
ip nat outside
ip virtual-reassembly
crypto map
speed auto
full-duplex
no cdp enable
!
ip classless
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat inside source list Global_NAT interface GigabitEthernet0/0 overload
0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip access-list extended Global_NAT
deny ip 192.16.42.0 0.0.0.255 172.16.0.0 0.0.7.255
deny ip 192.16.42.0 0.0.0.255 172.16.8.0 0.0.3.255
deny ip 192.16.42.0 0.0.0.255 172.17.0.0 0.0.255.255
deny ip 192.16.42.0 0.0.0.255 172.20.0.0 0.0.15.255
deny ip 192.16.42.0 0.0.0.255 172.26.0.0 0.0.15.255
deny ip 10.168.27.0 0.0.0.255 any
permit ip 192.16.42.0 0.0.0.255 any
permit ip any any
ip access-list extended Tunnel
remark Defines IPSEC traffic
permit ip 192.16.42.0 0.0.0.255 172.16.0.0 0.0.7.255
permit ip 192.16.42.0 0.0.0.255 172.16.8.0 0.0.3.255
permit ip 192.16.42.0 0.0.0.255 172.17.0.0 0.0.255.255
permit ip 192.16.42.0 0.0.0.255 172.20.0.0 0.0.15.255
permit ip 192.16.42.0 0.0.0.255 172.26.0.0 0.0.15.255
deny ip any any
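
The following is an added example, not part of the original post and not Cisco code: it evaluates the two ACLs from the config above with first-match and wildcard-mask semantics, to check that every flow selected by the Tunnel (crypto) ACL is exempted by Global_NAT and that other LAN traffic is selected for NAT. The sample flows and the function names are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the post: (action, src, src_wildcard, dst, dst_wildcard).
# "any" is written as 0.0.0.0 with wildcard 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.16.42.0", "0.0.0.255")
REMOTE = [("172.16.0.0", "0.0.7.255"), ("172.16.8.0", "0.0.3.255"),
          ("172.17.0.0", "0.0.255.255"), ("172.20.0.0", "0.0.15.255"),
          ("172.26.0.0", "0.0.15.255")]

GLOBAL_NAT = ([("deny", *LAN, *r) for r in REMOTE]
              + [("deny", "10.168.27.0", "0.0.0.255", *ANY),
                 ("permit", *LAN, *ANY), ("permit", *ANY, *ANY)])
TUNNEL = [("permit", *LAN, *r) for r in REMOTE] + [("deny", *ANY, *ANY)]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard test: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl, src, dst):
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def classify(src, dst):
    """Return (selected by crypto ACL, selected for NAT) for one flow."""
    return (acl_action(TUNNEL, src, dst) == "permit",
            acl_action(GLOBAL_NAT, src, dst) == "permit")


# Constructed sample flows, not taken from the post.
FLOWS = [("192.16.42.10", "172.16.5.20"),    # inside the first remote range
         ("192.16.42.10", "172.16.11.255"),  # last address of 172.16.8.0 0.0.3.255
         ("192.16.42.10", "172.16.12.1"),    # just past the remote ranges
         ("192.16.42.10", "8.8.8.8"),        # general Internet destination
         ("10.168.27.5", "8.8.8.8")]         # source denied by Global_NAT

if __name__ == "__main__":
    for src, dst in FLOWS:
        crypto, nat = classify(src, dst)
        print(f"{src} -> {dst}: crypto={crypto} nat={nat}")
```
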