1 Sep
2015
1 Sep
'15
6:40 p.m.
Hi Tim,
The bug occurs with complex NAT and NAT Pools coupled with a Zone Based Firewall.
The GRE tunnels work fine, Decnet comes up on the internet connected router you can decnet
ping either way on the router, which has adjacencies both ways (i.e. to the area routers
and my end nodes) but it will not route from my end nodes to nodes elsewhere on Hecnet. My
end nodes did see an adjacency with my router as would be expected.
If you kill the complex NAT (NAT pools) then it will work but that mucks up the config of
my network which has to support my real business services on it via a DMZ with one set of
fixed IP addresses and another set of fixed via the NAT pools.
Took me a couple of months to figure out and it was the same on V12.x and V15 of IOS on a
1941 and 1841. I can fix it with either a Cisco or Decbrouter with a simpler config behind
my main router which works every time or simplifying massively my internet connected
router.
Mark
On 1 Sep 2015, at 17:23, Tim Sneddon <tim at
sneddon.id.au> wrote:
On 1/09/2015 6:56 PM, Mark Darvill wrote:
No I replaced the Hub 5 with a Cisco 1941 with an
1841 and
Decbrouter90 behind it due to the relatively complex setup I have
here. The Decbrouter90 handles the GRE tunnels as there is a bug with
having GRE on a Cisco router that also has NAT enabled.
What bug are you experiencing? I have a Cisco 1841 that has NAT enabled, hooks into the
HECnet as well as connecting a number of GRE/IPsec tunnels an IPv6 tunnel and more.
I've not had any trouble...that I've noticed.
Regards, Tim.