Solved

Allow another subnet to use nat

Posted on 2011-03-17
1
439 Views
Last Modified: 2012-05-11
Hi, currently have a a 1921 router setup to nat for 10.40.x.x.

From what I can determine nat uses SDM_RMAP_1 route map based on the below line:

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload


Here is the route map:

#sh route-map SDM_RMAP_1
route-map SDM_RMAP_1, permit, sequence 1
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Here is the acl:

Extended IP access list 101
    1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
    10 deny ip 10.40.0.0 0.0.255.255 10.0.0.0 0.0.255.255
    30 permit ip 10.40.0.0 0.0.255.255 any (36235 matches)
    40 permit ip 10.70.0.0 0.0.255.255 any
    50 permit ip 10.10.0.0 0.0.255.255 any

I want to allow network 192.168.129.x to the internet. Do I just add it to the acl 101?  If so, what is the command I should use.

Why does ACL 101 have the deny statements at the the top?

1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
    2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
0
Comment
Question by:dmwynne
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 35158971
The deny statements are required to allow traffic to traverse a VPN tunnel without being natted, so that's OK
Yes, you should be able to simply add 192.168.129.0 to the permits:

access-list 101 permit ip 192.168.129.0 0.0.0.255 any

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Public IP Address - Subnet 4 33
Configuring WAN interface on Cisco ASA5525 3 25
not able to to ping server on a switch 1 33
Change name on 7940 Cisco UM 10 22
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question