Solved

Wild card setting for NAT

Posted on 2010-08-18
Last Modified: 2012-05-10
Hi,

I put the IP address for FastEthernet 0/1:

192.168.88.2 and subnet 255.255.255.192

Then in NAT, I typed:

configure terminal
ip access-list standard NAT_ADDRESS
permit 192.168.88.0 0.0.0.255


but still it is not allowing traffic to go outside.
Also I added this line:

ip nat inside source list NAT_ADDRESS interface FastEthernet 0/0 overload

and static router has the right entry so that traffic can go out.

What I am thinking is the line below:

permit 192.168.88.0 0.0.0.255  -> permit 192.168.88.0 0.0.0.192

Can anyone please help me?
Thanks


Question by:fosiul01
6 Comments
 
LVL 2

Accepted Solution

by:
xephael earned 250 total points
ID: 33464888
The wildcard subnet mask for 255.255.255.192 is 0.0.0.63.

If you need help with NAT I would need to see the entire configuration.
0
 
LVL 29

Author Comment

by:fosiul01
ID: 33465041
Why 63?

But I think the problem was different.

For some reason, it was unable to use the DNS server of my ISP router,

but it's working now by using

ip access-list standard NAT_ADDRESS
 permit 192.168.88.0 0.0.0.255
!

But why did you say to use 63?
0
 
LVL 2

Assisted Solution

by:Paresh Patel
Paresh Patel earned 250 total points
ID: 33465988
While xephael is correct in his comment, 192.168.88.0 0.0.0.255 will work since it includes your subnet, 192.168.88.0/26 (255.255.255.192).

Since your network is 192.168.88.0 255.255.255.192, wildcard mask for ACL should be 0.0.0.63 so it only covers your network and not entire 192.168.88.0 255.255.255.0.
0

 
LVL 2

Expert Comment

by:jimhoodleeds
ID: 33484963
Can you post your config (hash out any confidential bits) and I'll take a look for you?
0
 
LVL 2

Expert Comment

by:xephael
ID: 33492462
"why 63?"

63+192=255 which is the maximum number for an IPv4 octet.  The wildcard is an inverse of a subnet mask.  For example the wildcard of subnet 255.255.255.0 is 0.0.0.255.  The wildcard of subnet 255.255.255.128 is 0.0.0.128.

Hope that makes sense.

Address:   192.168.88.2          11000000.10101000.01011000.00 000010
Netmask:   255.255.255.192 = 26  11111111.11111111.11111111.11 000000
Wildcard:  0.0.0.63              00000000.00000000.00000000.00 111111
Network:   192.168.88.0          11000000.10101000.01011000.00 000000  (Class C)
Broadcast: 192.168.88.63         11000000.10101000.01011000.00 111111
HostMin:   192.168.88.1          11000000.10101000.01011000.00 000001
HostMax:   192.168.88.62         11000000.10101000.01011000.00 111110
Hosts/Net: 62                    ( RFC-1918 Private Internet Address. )

0
 
LVL 2

Expert Comment

by:xephael
ID: 33492473
255.255.255.128 is 0.0.0.127 (messed up ;)
0
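
Added example, not part of the original thread: a short Python check of the three wildcards discussed above (0.0.0.255, 0.0.0.63 and the 0.0.0.192 guessed in the question), showing which hosts in 192.168.88.0-255 each ACL entry would match. It assumes the standard wildcard rule that a 0 bit must match and a 1 bit is ignored; the function names are made up for this illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def wildcard_from_netmask(netmask: str) -> str:
    """Invert every bit of a dotted-quad netmask to get the ACL wildcard."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ ALL_ONES
    return str(ipaddress.IPv4Address(inverted))

def acl_matches(entry_addr: str, wildcard: str, host: str) -> bool:
    """True if host matches 'permit entry_addr wildcard'.

    Wildcard bit 0 = this bit must equal the entry address,
    wildcard bit 1 = this bit is ignored.
    """
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES
    entry = int(ipaddress.IPv4Address(entry_addr))
    target = int(ipaddress.IPv4Address(host))
    return (entry & care) == (target & care)

def matched_last_octets(entry_addr: str, wildcard: str,
                        prefix: str = "192.168.88.") -> list:
    """Last octets within prefix0..prefix255 that the entry permits."""
    return [n for n in range(256)
            if acl_matches(entry_addr, wildcard, prefix + str(n))]

if __name__ == "__main__":
    print("wildcard for 255.255.255.192:",
          wildcard_from_netmask("255.255.255.192"))
    host = "192.168.88.2"  # the FastEthernet 0/1 address from the question
    for wc in ("0.0.0.255", "0.0.0.63", "0.0.0.192"):
        octets = matched_last_octets("192.168.88.0", wc)
        # Show only the edges of long lists to keep the output readable.
        shown = octets if len(octets) <= 8 else [octets[0], "...", octets[-1]]
        print(f"permit 192.168.88.0 {wc}: "
              f"{len(octets)} addresses {shown}, "
              f"matches {host}: {acl_matches('192.168.88.0', wc, host)}")
```

The 0.0.0.192 entry is a non-contiguous wildcard: it ignores only the top two bits of the last octet, so it matches .0, .64, .128 and .192 and misses 192.168.88.2, while 0.0.0.255 permits all 256 addresses rather than the 64 in the /26.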
