Hi,
I've configured another Secure Router 7102dl to act as a many-to-one NAT router with a GRE tunnel to another router of the same model. NAT works fine; all hosts have access to the internet. Unfortunately, tunnel communication works only in one direction: I can reach any host behind that router from the first router, but I can't establish communication in the opposite direction, from any host in the local network of the newly configured router to any host in the local network of the first router.
I believe I missed something in configuration:
! ProCurve Secure Router 7102dl SROS version J17.02.00
! Boot ROM version J06.03
! Platform: ProCurve Secure Router 7102dl, part number J8752A
! Serial number US525TRABG
! Flash: 33554432 bytes DRAM: 134217727 bytes
! Date/Time: Thu Apr 28 2016, 03:49:11 GMT+08:00
!
!
hostname "hk2uk"
enable password encrypted 3xxx
!
clock timezone +8-Bejing
!
ip subnet-zero
ip classless
ip routing
!
!
ip domain-name "domain.com"
ip name-server 8.8.8.8 10.171.3.247
!
!
event-history on
no logging forwarding
no logging console
no logging email
!
service password-encryption
!
username "manager" password encrypted xxx
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg h323
!
!
!
!
!
!
autosynch-mode
no safe-mode
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface eth 0/1
ip address 1.2.3.4 255.255.255.252
access-policy web
no shutdown
!
!
interface eth 0/2
ip address 192.168.4.20 255.255.252.0
access-policy NATInside
no shutdown
!
!
!
!
interface tunnel 2
description HK to UK Tunnel
ip address 172.16.0.6 255.255.255.252
tunnel mode gre
tunnel source eth 0/1
tunnel destination 5.6.7.8
tunnel key 1234
keepalive 60 5
no shutdown
!
!
!
!
router ospf
network 192.168.4.0 0.0.3.255 area 0
network 172.16.0.4 0.0.0.3 area 0
!
!
!
!
ip access-list standard NAT
permit any
!
!
ip access-list extended web-acl-3
remark Admin Access
permit tcp 5.6.7.8 0.0.0.31 any eq www log
permit tcp 5.6.7.8 0.0.0.31 any eq https log
permit tcp 5.6.7.8 0.0.0.31 any eq ssh log
!
!
ip policy-class NATInside
nat source list NAT address 1.2.3.4 overload
!
ip policy-class web
allow list web-acl-3 self
!
!
!
ip route 0.0.0.0 0.0.0.0 210.3.127.33
ip route 10.171.0.0 255.255.0.0 tunnel 2
ip route 10.171.0.0 255.255.0.0 172.16.0.6
ip route 10.172.0.0 255.255.0.0 tunnel 2
ip route 10.172.0.0 255.255.0.0 172.16.0.6 110
ip route 192.168.4.0 255.255.252.0 192.168.4.22
ip route 192.168.59.0 255.255.255.0 tunnel 2
ip route 192.168.59.0 255.255.255.0 172.16.0.6 110
!
no ip tftp server
no ip tftp server overwrite
ip http server
ip http session-timeout 1800
no ip http secure-server
ip snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
snmp-server contact email "it@domain.com"
snmp-server location "hk"
snmp-server view readonly 1.* included
snmp-server community public RO
snmp-server community readonly RO
snmp-server community community RO
!
!
!
ip sip
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
login
!
line telnet 0 4
login
shutdown
line ssh 0 4
login local-userlist
no shutdown
!
sntp server 81.168.77.149
!
!
!
!
end
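An added review aid, not part of the original post or of SROS: a small Python linter that reads an excerpt of the posted config (constructed below from the lines above) and reports two things a reviewer would check first for one-way tunnel traffic, a static route whose next hop is the router's own tunnel address rather than the far end, and a NAT source list that matches every packet so tunnel-bound traffic is translated as well. The `lint_config` function and its findings format are assumptions of this example.

```python
import re

# Constructed excerpt of the posted SROS running-config (not the full file).
CONFIG = """\
interface eth 0/1
ip address 1.2.3.4 255.255.255.252
interface tunnel 2
ip address 172.16.0.6 255.255.255.252
ip access-list standard NAT
permit any
ip policy-class NATInside
nat source list NAT address 1.2.3.4 overload
ip route 0.0.0.0 0.0.0.0 210.3.127.33
ip route 10.171.0.0 255.255.0.0 tunnel 2
ip route 10.171.0.0 255.255.0.0 172.16.0.6
ip route 192.168.59.0 255.255.255.0 172.16.0.6 110
"""

def lint_config(text):
    """Return (severity, message) findings for two GRE/NAT pitfalls."""
    findings = []
    local_ips = {}          # address -> interface it is configured on
    acl_permit_any = set()  # ACLs containing a bare "permit any"
    nat_lists = set()       # ACLs referenced by a "nat source list" rule
    current_if = current_acl = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (.+)", line):
            current_if, current_acl = m.group(1), None
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            current_acl, current_if = m.group(1), None
        elif (m := re.match(r"ip address (\S+) \S+", line)) and current_if:
            local_ips[m.group(1)] = current_if
        elif line == "permit any" and current_acl:
            acl_permit_any.add(current_acl)
        elif m := re.match(r"nat source list (\S+)", line):
            nat_lists.add(m.group(1))
        elif m := re.match(r"ip route (\S+) \S+ (\d+\.\d+\.\d+\.\d+)", line):
            dest, nh = m.groups()
            # A next hop that is one of our own addresses can never forward.
            if nh in local_ips:
                findings.append(("error", f"route to {dest}: next hop {nh} is "
                                 f"this router's own address on {local_ips[nh]}"))
    for acl in nat_lists & acl_permit_any:
        findings.append(("warning", f"NAT list {acl} matches every packet, so "
                         "traffic to the remote private networks is translated "
                         "too; exclude tunnel destinations before the NAT rule"))
    return findings
```

Run it against the full running-config to get the same checks over every route and policy-class; it only reads text and changes nothing on the router.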