Exclude subnet from NAT

benhanson asked
Last Modified: 2013-12-14
I am trying to figure out how to exclude traffic from NAT and PPP encapsulation. I have a DSL modem that is in bridge mode, so normally I don't need any connectivity to it. A Cisco router is acting as a PPPoE client and routing for the LAN. Even though the DSL modem is in bridge mode, it still has an IP address. Once I addressed the WAN interface (which is hooked up to the DSL modem), I could telnet to the DSL modem from the router. However, I cannot telnet to it from the LAN side. Is there a way to have traffic with a destination subnet of the WAN interface not go over the PPP link?
ip source-route
!
ip cef
!
interface FastEthernet4
 description $ETH-WAN$
 ip address 192.168.1.1
 ip flow ingress
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.5.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Dialer1
 description PPPOE
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname xxxxxx
 ppp chap password 7 xxxxxx
 ppp pap sent-username xxxxxx password 7 xxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source Vlan1
ip flow-export version 9
!
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended WAN_Outbound
 remark SDM_ACL Category=1
 permit ip any any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.5.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

Network Architect
Commented:

Author

Commented:
Still no go.  Regular traffic is still flowing with the changes, but still can't get to the 192.168.1.x subnet from the LAN side.  Are the 2 route-map entries supposed to be identical?
Jody Lemoine, Network Architect

Commented:
Whoops.  Second one should match FastEthernet4.  Good catch.

Author

Commented:
That did the trick.  Thanks for the help!
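
A sketch of the kind of configuration the replies point to (two NAT route-map entries, the second matching FastEthernet4), added here as an example; it is not the expert's solution or the asker's final config. The route-map names, ACL number 100 and the /24 mask on the modem subnet are assumptions.

```cisco
! Added example, not taken from the thread.
! Assumption: FastEthernet4 and the modem share 192.168.1.0/24.
!
! Remove the single list-based rule that only translates toward Dialer1.
no ip nat inside source list 1 interface Dialer1 overload
!
! The physical WAN port must also be a NAT outside interface, because the
! bridged modem has no route back to 192.168.5.0/24 and will only answer
! a source address on its own subnet.
interface FastEthernet4
 ip nat outside
!
! Hypothetical ACL 100: translate toward the modem only for LAN hosts
! talking to the modem subnet, nothing broader.
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Entry 1: Internet-bound traffic leaving through the PPPoE dialer.
route-map NAT-PPPOE permit 10
 match ip address 1
 match interface Dialer1
!
! Entry 2: modem-management traffic leaving through the Ethernet port.
route-map NAT-MODEM permit 10
 match ip address 100
 match interface FastEthernet4
!
ip nat inside source route-map NAT-PPPOE interface Dialer1 overload
ip nat inside source route-map NAT-MODEM interface FastEthernet4 overload
```

If the router refuses to remove the old rule because translations are in use, run `clear ip nat translation *` first; `show ip nat translations` then confirms which outside interface each flow was translated on. Since this makes the modem's telnet management reachable from the whole LAN, narrowing ACL 100 to the administrators' hosts keeps that exposure small.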
