Solved

Allow another subnet to use nat

Posted on 2011-03-17
1
440 Views
Last Modified: 2012-05-11
Hi, currently have a a 1921 router setup to nat for 10.40.x.x.

From what I can determine nat uses SDM_RMAP_1 route map based on the below line:

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload


Here is the route map:

#sh route-map SDM_RMAP_1
route-map SDM_RMAP_1, permit, sequence 1
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Here is the acl:

Extended IP access list 101
    1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
    10 deny ip 10.40.0.0 0.0.255.255 10.0.0.0 0.0.255.255
    30 permit ip 10.40.0.0 0.0.255.255 any (36235 matches)
    40 permit ip 10.70.0.0 0.0.255.255 any
    50 permit ip 10.10.0.0 0.0.255.255 any

I want to allow network 192.168.129.x to the internet. Do I just add it to the acl 101?  If so, what is the command I should use.

Why does ACL 101 have the deny statements at the the top?

1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
0
Comment
Question by:dmwynne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 35158971
The deny statements are required to allow traffic to traverse a VPN tunnel without being natted, so that's OK
Yes, you should be able to simply add 192.168.129.0 to the permits:

access-list 101 permit ip 192.168.129.0 0.0.0.255 any

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question