[HECnet] Connectivity via BT Infinity

[Mark Darvill]

Hi Tim,

The bug occurs with complex NAT and NAT Pools coupled with a Zone Based Firewall.

The GRE tunnels work fine, Decnet comes up on the internet connected router you can decnet ping either way on the router, which has adjacencies both ways (i.e. to the area routers and my end nodes) but it will not route from my end nodes to nodes elsewhere on Hecnet. My end nodes did see an adjacency with my router as would be expected.

If you kill the complex NAT (NAT pools) then it will work but that mucks up the config of my network which has to support my real business services on it via a DMZ with one set of fixed IP addresses and another set of fixed via the NAT pools.

Took me a couple of months to figure out and it was the same on V12.x and V15 of IOS on a 1941 and 1841. I can fix it with either a Cisco or Decbrouter with a simpler config behind my main router which works every time or simplifying massively my internet connected router.

Mark

> On 1 Sep 2015, at 17:23, Tim Sneddon <tim at sneddon.id.au> wrote:
> 
> On 1/09/2015 6:56 PM, Mark Darvill wrote:
>> No I replaced the Hub 5 with a Cisco 1941 with an 1841 and
>> Decbrouter90 behind it due to the relatively complex setup I have
>> here. The Decbrouter90 handles the GRE tunnels as there is a bug with
>> having GRE on a Cisco router that also has NAT enabled.
> 
> What bug are you experiencing?  I have a Cisco 1841 that has NAT enabled, hooks into the HECnet as well as connecting a number of GRE/IPsec tunnels an IPv6 tunnel and more.  I've not had any trouble...that I've noticed.
> 
> Regards, Tim.