I'm trying to setup a web server behind a NAT router through a GRE tunnel. Here's a quick diagram:
WWW --------(outside) R1 (inside) ========== R2 ------- Web server A B C D
When an http request comes into R1 (s:A, d: B), NAT does its job translates the packet to (s:A, d:D) and ships it over the GRE tunnel to R2. R2 routes it to the web server. So far so good.
Now web server responds back (s:D, d:A), R2 ships the packet to R1 back through the GRE tunnel. When R1 gets the packet from the tunnel, I expected it to NAT again and send out (s:B, d:A) to WWW but instead R1 sends the packet unmodified (s:D, d:A) to WWW.
If I remove the GRE tunnel and simply route the packet from R2 to R1 then NAT works as expected. However I need the GRE tunnel as these web requests need to traverse an internal network to get to the web server.
Does anyone know why NAT source translation is not taking place on the way out (when the packet arrives through the GRE tunnel)?
Here's the config for R1:
ip cef ! ! ! no crypto isakmp enable ! ! interface Tunnel2 description desk-vpn tunnel ip address 10.88.101.10 255.255.255.252 tunnel source 10.88.102.9 tunnel destination 10.88.102.1 ! interface Loopback0 ip address 10.88.101.101 255.255.255.252 ! interface FastEthernet0/0 ip address 22.214.171.124 255.255.255.0 ip nat outside duplex auto speed auto ! interface FastEthernet0/1 ip address 10.88.102.9 255.255.255.240 ip nat inside duplex auto speed auto ! ! ip nat inside source static tcp 10.88.102.10 80 126.96.36.199 80 extendable ip classless ip route 0.0.0.0 0.0.0.0 188.8.131.52 ip route 10.88.102.10 255.255.255.255 Tunnel2 ! no ip http server no ip http secure-server
Web server is 10.88.102.10
Thanks in Advance