dmwynne
asked on
Allow another subnet to use nat
Hi, currently have a a 1921 router setup to nat for 10.40.x.x.
From what I can determine nat uses SDM_RMAP_1 route map based on the below line:
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload
Here is the route map:
#sh route-map SDM_RMAP_1
route-map SDM_RMAP_1, permit, sequence 1
Match clauses:
ip address (access-lists): 101
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Here is the acl:
Extended IP access list 101
1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
10 deny ip 10.40.0.0 0.0.255.255 10.0.0.0 0.0.255.255
30 permit ip 10.40.0.0 0.0.255.255 any (36235 matches)
40 permit ip 10.70.0.0 0.0.255.255 any
50 permit ip 10.10.0.0 0.0.255.255 any
I want to allow network 192.168.129.x to the internet. Do I just add it to the acl 101? If so, what is the command I should use.
Why does ACL 101 have the deny statements at the the top?
1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
From what I can determine nat uses SDM_RMAP_1 route map based on the below line:
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload
Here is the route map:
#sh route-map SDM_RMAP_1
route-map SDM_RMAP_1, permit, sequence 1
Match clauses:
ip address (access-lists): 101
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Here is the acl:
Extended IP access list 101
1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
10 deny ip 10.40.0.0 0.0.255.255 10.0.0.0 0.0.255.255
30 permit ip 10.40.0.0 0.0.255.255 any (36235 matches)
40 permit ip 10.70.0.0 0.0.255.255 any
50 permit ip 10.10.0.0 0.0.255.255 any
I want to allow network 192.168.129.x to the internet. Do I just add it to the acl 101? If so, what is the command I should use.
Why does ACL 101 have the deny statements at the the top?
1 deny ip 10.40.0.0 0.0.255.255 10.20.0.0 0.0.255.255 (200516 matches)
2 deny ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 (261241 matches)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.