Help with simulation.

Status
Not open for further replies.

mkent51180

Technical User
Mar 14, 2016
2
US
My scenario is this:

I have a Cisco 1941 router base with an additional card slotted for 1 extra Ethernet port.

I need to put a tunnel on 1 port to a remote site for file server access on a low-bandwidth Ethernet connection.
Then I need to route all non-tunnel traffic over the additional slotted Ethernet card's high-bandwidth connection.

I have been looking at configs that I think should work, but it seems I am missing something, as I can't get the NAT translation to match anything other than the tunnel outside IP address. Any advice would be appreciated. I am sure I am missing something simple. Here is a config example:


crypto map match IPSEC traffic

interface GigabitEthernet0/2
description LAN connection
ip address 192.16.42.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/0
Description RAW INTERNET HIGH bandwidth
ip address 1.1.1.1 255.255.252.0
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0
description TUNNEL LOW speed
ip address 2.2.2.2 255.255.252.0
ip nat outside
ip virtual-reassembly
crypto map
speed auto
full-duplex
no cdp enable
!
ip classless
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat inside source list Global_NAT interface GigabitEthernet0/0 overload
0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip access-list extended 100
deny ip 192.16.42.0 0.0.0.255 17.6.0.0 0.0.7.255
deny ip 192.16.42.0 0.0.0.255 17.6.8.0 0.0.3.255
deny ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
deny ip 192.16.42.0 0.0.0.255 12.2.0.0 0.0.15.255
deny ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip 10.168.27.0 0.0.0.255 any
permit ip 192.16.42.0 0.0.0.255 any
permit ip any any
ip access-list extended Tunnel
remark Defines IPSEC traffic
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.7.255
permit ip 192.16.42.0 0.0.0.255 17.1.8.0 0.0.3.255
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip any any
 
Routes? There is only a default for the G0/0/0 interface? Are you trying to reach addresses outside of the 2.2.0.0/22 subnet via G1/1?
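
An added example, not part of the thread or either poster's configuration: a short Python check over the NAT and ACL lines quoted in the first post. It lists ACL names the NAT rule references that the excerpt never defines, and compares NAT-exemption denies against crypto ACL permits; treating list 100 as the intended NAT list is an assumption, and the comparison ignores entry order.

```python
import ipaddress
# Lines copied from the posted configuration (remark line omitted).
CONFIG = """\
ip nat inside source list Global_NAT interface GigabitEthernet0/0 overload
ip access-list extended 100
deny ip 192.16.42.0 0.0.0.255 17.6.0.0 0.0.7.255
deny ip 192.16.42.0 0.0.0.255 17.6.8.0 0.0.3.255
deny ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
deny ip 192.16.42.0 0.0.0.255 12.2.0.0 0.0.15.255
deny ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip 10.168.27.0 0.0.0.255 any
permit ip 192.16.42.0 0.0.0.255 any
permit ip any any
ip access-list extended Tunnel
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.7.255
permit ip 192.16.42.0 0.0.0.255 17.1.8.0 0.0.3.255
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip any any
"""

def _net(tok):  # consume 'any' or 'addr wildcard'; ipaddress reads IOS wildcards as hostmasks
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(config):  # -> ({acl: [(action, src, dst)]}, [ACL names referenced by NAT rules])
    acls, nat_lists, cur = {}, [], None
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(tok[3], [])
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(tok[5])
        elif cur is not None and tok[0] in ("permit", "deny") and tok[1] == "ip":
            src, rest = _net(tok[2:])
            cur.append((tok[0], src, _net(rest)[0]))
    return acls, nat_lists

def uncovered(entries, action, others, other_action):
    """Flows in entries with action that no other_action entry in others contains (order-blind)."""
    return [(s, d) for a, s, d in entries if a == action and not any(
        b == other_action and s.subnet_of(s2) and d.subnet_of(d2) for b, s2, d2 in others)]

if __name__ == "__main__":
    acls, nat_lists = parse(CONFIG)
    print("undefined NAT lists:", [n for n in nat_lists if n not in acls])
    print("tunnel flows NATed:", uncovered(acls["Tunnel"], "permit", acls["100"], "deny"))
    print("exempt, unencrypted:", uncovered(acls["100"], "deny", acls["Tunnel"], "permit"))
```

On the quoted lines it reports Global_NAT as referenced but not defined in the excerpt, every Tunnel permit covered by a deny in list 100, and four deny entries in list 100 with no matching Tunnel permit.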
 