INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Help with simulation.

Help with simulation.

(OP)
My scenario is this

I have a cisco 1941 router base with an additional card slotted for 1 extra Ethernet port.

I need to put a tunnel on 1 port to a remote site for file server access on a low bandwidth Ethernet connection.
Then i need to route all non tunnel traffic over the additional slotted Ethernet card High band width connection.

I been looking at configs that i think should work but it seems I am missing something. As i cant get the nat translation to match anything other than the Tunnel outside ip address. Any advice would be appreciated.. I am sure i am missing some thing simple. Here is config example...


crypto map match IPSEC traffic

interface GigabitEthernet0/2
description LAN connection
ip address 192.16.42.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/0
Description RAW INTERNET HIGH bandwidth
ip address 1.1.1.1 255.255.252.0
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0
description TUNNEL LOW speed
ip address 2.2.2.2 255.255.252.0
ip nat outside
ip virtual-reassembly
crypto map
speed auto
full-duplex
no cdp enable
!
ip classless
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat inside source list Global_NAT interface GigabitEthernet0/0 overload
0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip access-list extended 100
deny ip 192.16.42.0 0.0.0.255 17.6.0.0 0.0.7.255
deny ip 192.16.42.0 0.0.0.255 17.6.8.0 0.0.3.255
deny ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
deny ip 192.16.42.0 0.0.0.255 12.2.0.0 0.0.15.255
deny ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip 10.168.27.0 0.0.0.255 any
permit ip 192.16.42.0 0.0.0.255 any
permit ip any any
ip access-list extended Tunnel
remark Defines IPSEC traffic
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.7.255
permit ip 192.16.42.0 0.0.0.255 17.1.8.0 0.0.3.255
permit ip 192.16.42.0 0.0.0.255 17.1.0.0 0.0.255.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
permit ip 192.16.42.0 0.0.0.255 17.2.0.0 0.0.15.255
deny ip any any

RE: Help with simulation.

Routes? There is only a default for the G0/0/0 interface? Are you trying to reach addresses outside of the 2.2.0.0/22 subnet via G1/1?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close