guest routing with cisco 2821

This is probably really simple but I still need a little help
I have a 2821 router with 2 Gig ports a Fast Ethernet card and a 4 port switch module.
Port configuration
Gig 0/0 = 10.10.x.y (LAN)
Gig 0/1.1 = 172.29.x.y ( WAN / MPLS Connection)
FastEthernet 0/3/1 = 192.168.1.1 – connected to cisco access point. on seperate vlan 40
Fast Eth 0/2/0 = 216.167.x.y
Users currently access the internet via the FE 0/2/0 port and obviously the LAN on G0/0
What I need is to be able to route guest access to the internet across the 192.168 subnet and keep them off the LAN - company policy is to allow vistors unrestricted access to the internet so firewall (on that side) is not an issue.
Do I need a second IP address to do this?
Is it done with access rules and such?  if so an outline or link to documentation / suggetions is all I need.
Thanks
MPontoNetwrok AdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
You can use ACLs - that's the easiest way to do it.

You'll need one ACL which is applied to the FastEthernet0/3/1 interface.  You could also use this ACL for a NAT statement to allow internet access via FastEthernet0/2/0.

Something like...

ip access-list extended GuestAccess
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.0.15.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
interface FastEthernet0/2/0
 ip nat outside
!
interface FastEthernet0/3/1
 access-class GuestAccess in
 ip nat inside
!
ip nat inside source list GuestAccess interface FastEthernet0/2/0 overload
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MPontoNetwrok AdminAuthor Commented:
Tried this and it worked fine - sort of.
Guest users were able to access the internet but, it prevented internal users from accessing the internet.
i am looking at who to redo the access list and will post if someone doesn't beat me to it.
0
MPontoNetwrok AdminAuthor Commented:
once I adjusted the access-list to meet my router config it worked fine - good work
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.