Re: Why is this happening?
- From: Tomasz Grzelak <tgrzelak@xxxxxxxxx>
- Date: Fri, 12 May 2006 08:16:49 +0200
Martin Gallagher wrote:
> On Thu, 11 May 2006 13:38:31 +0200, Tomasz Grzelak wrote:
>> ip nat inside source list 10 interface FastEthernet0/0 overload
>> ip nat inside source static esp 10.44.44.254 interface FastEthernet0/0
>> !
>> !
>> access-list 10 permit any
>> !
>
> Don't know offhand, but this is bad ju-ju in a NAT config:
> !
> access-list 10 permit any
> !
> NAT ACLs should only match the traffic you want to be natted. If you
> tell NAT to modify any old traffic, it will, and the result may not be
> what you want or expect. Not saying it's causing the problem but it ought
> to be fixed.

But the problem is I want all traffic to be NATted - VPN box 1 needs full Internet access, and additionally it needs the tunnel with VPN box 2.

> Looking at Cisco IOS NAT Application Layer Gateways,
> http://www.cisco.com/en/US/products/ps6640/products_white_paper09186a00801af2b9.shtml

I looked at the site, read the info, but IOS on my router is 12.3(8)T5, so it is fresh enough I suppose...

> The static esp command "might" also be natting more traffic than you
> want, so if your IOS doesn't need it you might get rid of it.

So how can I tell the router to forward all esp traffic to the VPN box 1?

> Commands that may prove useful.
> show ip nat trans
> show ip nat stat
> debug ip nat

Thank you for your reply!
Tomasz Grzelak
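
A check for the point Martin raises above (a NAT source list whose ACL is `permit any`), as an added example that is not part of the thread. It parses only standard numbered `access-list` lines; the function names are hypothetical and the embedded sample is constructed from the config lines quoted in the post.

```python
import re

# Constructed sample: the NAT-related lines quoted in the thread.
SAMPLE_CONFIG = """\
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static esp 10.44.44.254 interface FastEthernet0/0
!
!
access-list 10 permit any
!
"""

NAT_LIST = re.compile(r"^ip nat inside source list (\S+)\s")
STD_ACL = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")


def _matches_all(spec: str) -> bool:
    """True if a standard-ACL source spec covers every address."""
    parts = spec.split()
    return parts[0] == "any" or parts[:2] == ["0.0.0.0", "255.255.255.255"]


def audit_nat_acls(config: str) -> list[str]:
    """Return one finding per NAT source list whose ACL permits every source."""
    acls: dict[str, list[tuple[str, str]]] = {}
    nat_lists: list[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_LIST.match(line):
            nat_lists.append(m.group(1))
        elif m := STD_ACL.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    for name in nat_lists:
        if name not in acls:
            findings.append(f"ACL {name}: referenced by NAT but not defined")
            continue
        # ACL entries are evaluated top-down and the first match wins,
        # so stop at the first entry that matches every source.
        for action, spec in acls[name]:
            if _matches_all(spec):
                if action == "permit":
                    findings.append(f"ACL {name}: 'permit any' matches every source address")
                break
    return findings


if __name__ == "__main__":
    for finding in audit_nat_acls(SAMPLE_CONFIG):
        print(finding)
```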