Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Allow another subnet to use nat

Posted on 2011-03-17
1
Medium Priority
?
443 Views
Last Modified: 2012-05-11
Hi, currently have a a 1921 router setup to nat for 10.40.x.x.

From what I can determine nat uses SDM_RMAP_1 route map based on the below line:

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload


Here is the route map:

#sh route-map SDM_RMAP_1
route-map SDM_RMAP_1, permit, sequence 1
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Here is the acl:

Extended IP access list 101
    1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
    10 deny ip 10.40.0.0 0.0.255.255 10.0.0.0 0.0.255.255
    30 permit ip 10.40.0.0 0.0.255.255 any (36235 matches)
    40 permit ip 10.70.0.0 0.0.255.255 any
    50 permit ip 10.10.0.0 0.0.255.255 any

I want to allow network 192.168.129.x to the internet. Do I just add it to the acl 101?  If so, what is the command I should use.

Why does ACL 101 have the deny statements at the the top?

1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
0
Comment
Question by:dmwynne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 35158971
The deny statements are required to allow traffic to traverse a VPN tunnel without being natted, so that's OK
Yes, you should be able to simply add 192.168.129.0 to the permits:

access-list 101 permit ip 192.168.129.0 0.0.0.255 any

0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question