[c-nsp] Don't NAT a Subset of Traffic

Sridhar Ayengar ploopster at gmail.com
Sun Aug 22 05:29:28 EDT 2010


I have a Verizon FiOS connection with 5 IP addresses attached to my 7505.

So because it's excluded from the access-list, traffic from my private 
network 172.16.16.0 to my public IP addresses is not NATed.  I still 
can't figure out how to pass this traffic without NATing it.  If I 
remove the deny line from the access-list, the traffic is correctly 
passed NATed.  Anyone have any ideas for me?

Thanks.

Peace...  Sridhar

A snippet of my configuration (with irrelevant bits removed) follows:

bridge irb
!
!
interface FastEthernet2/0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip virtual-reassembly
  no ip mroute-cache
  half-duplex
  no cdp enable
  no mop enabled
  bridge-group 1
!
interface FastEthernet2/1/0
  ip address 172.16.16.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly
  full-duplex
  no cdp enable
  no mop enabled
!
interface FastEthernet3/0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip virtual-reassembly
  no ip mroute-cache
  half-duplex
  no cdp enable
  no mop enabled
  bridge-group 1
!
interface BVI1
  ip address 173.50.165.26 255.255.255.0
  ip nat outside
  ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source list 101 interface BVI1 overload
!
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 permit ip 172.16.16.0 0.0.0.255 any
access-list 101 deny   ip any any
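As an added illustration (not part of the post or of any Cisco code), a small Python model of how access-list 101 decides which flows the `ip nat inside source list 101 interface BVI1 overload` rule translates. The flow addresses fed to it are constructed; the wildcard-mask and first-match semantics are standard Cisco ACL behaviour.

```python
import ipaddress

# Reconstruction of the poster's access-list 101 as
# (action, src_net, src_wildcard, dst_net, dst_wildcard) tuples.
# "any" is expressed as 0.0.0.0 with a 255.255.255.255 wildcard.
ACL_101 = [
    ("deny",   "172.16.16.0", "0.0.0.255", "173.50.165.24", "0.0.0.7"),
    ("permit", "172.16.16.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
    ("deny",   "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

OUTSIDE_IP = "173.50.165.26"  # address of interface BVI1 from the config


def wildcard_match(addr, net, wildcard):
    """Cisco wildcard semantics: a 0 bit in the wildcard must match the
    network bit, a 1 bit is ignored (the inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_action(acl, src, dst):
    """First matching entry wins; an ACL with no match ends in an
    implicit deny, which the poster's last line also makes explicit."""
    for action, snet, swc, dnet, dwc in acl:
        if wildcard_match(src, snet, swc) and wildcard_match(dst, dnet, dwc):
            return action
    return "deny"


def nat_decision(src, dst):
    """A packet the list permits is translated (source rewritten to the
    outside interface address, ports multiplexed by 'overload'); a packet
    the list denies bypasses translation and keeps its original source.
    The ACL only controls translation, not whether the packet is routed."""
    if acl_action(ACL_101, src, dst) == "permit":
        return ("translated", OUTSIDE_IP)
    return ("untranslated", src)


if __name__ == "__main__":
    # Constructed sample flows: Internet host, the public /29, and a host
    # just past the /29 (173.50.165.24 with wildcard 0.0.0.7 covers .24-.31).
    for dst in ("8.8.8.8", "173.50.165.27", "173.50.165.32"):
        print("172.16.16.50 ->", dst, nat_decision("172.16.16.50", dst))
```

The second flow is the case the post describes: the deny entry pulls destination 173.50.165.27 out of the translation set, so the packet leaves with 172.16.16.50 as its source, while a destination one address past the /29 is translated like any Internet flow.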