[c-nsp] Bridging + Routing + NAT

Sridhar Ayengar ploopster at gmail.com
Sun Aug 29 08:44:25 EDT 2010 

The machines on the bridged interfaces can talk to the outside world, 
the machines on the private network can talk to the outside world with 
NAT, but the machines on the bridged network can't talk to the machines 
on the private network.  What am I doing wrong with the following 
configuration?

Peace...  Sridhar

bridge irb
!
!
interface FastEthernet2/0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip virtual-reassembly
  no ip mroute-cache
  half-duplex
  no cdp enable
  no mop enabled
  bridge-group 1
!
interface FastEthernet2/1/0
  ip address 172.22.22.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly
  ip policy route-map bypass-out
  full-duplex
  no cdp enable
  no mop enabled
!
interface FastEthernet3/0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip virtual-reassembly
  no ip mroute-cache
  half-duplex
  no cdp enable
  no mop enabled
  bridge-group 1
!
interface BVI1
  ip address 173.50.165.26 255.255.255.0
  ip nat outside
  ip virtual-reassembly
  ip policy route-map bypass-in
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source route-map nat-traversal interface BVI1 overload
!
access-list 101 deny   ip 172.22.22.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.22.22.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 102 permit ip 173.50.165.24 0.0.0.7 172.22.22.0 0.0.0.255
access-list 102 deny   ip any any
access-list 103 permit ip 172.22.22.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 103 deny   ip any any
!
route-map bypass-in permit 10
  match ip address 102
  set interface FastEthernet2/1/0
!
route-map nat-traversal permit 10
  match ip address 101
!
route-map bypass-out permit 10
  match ip address 103
  set interface BVI1
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
no bridge 1 bridge appletalk
no bridge 1 bridge clns
no bridge 1 bridge decnet

More information about the cisco-nsp mailing list