Octavio Alvarez wrote:
I have a Verizon FiOS connection with 5 IP addresses attached to my 7505.

So because it's excluded from the access-list, traffic from my private
network 172.16.16.0 to my public IP addresses is not NATed. I still
can't figure out how to pass this traffic without NATing it. If I
remove the deny line from the access-list, the traffic is correctly
passed NATed. Anyone have any ideas for me?

I would go for: it is passing but you don't have return routes on your
external hosts.

That's what I thought I had, but when I just tried it, it didn't work.

My current configuration:

bridge irb
!
interface FastEthernet2/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface FastEthernet2/1/0
 ip address 172.16.16.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 full-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet3/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 no ip mroute-cache
 half-duplex
 no cdp enable
 no mop enabled
 bridge-group 1
!
interface BVI1
 ip address 173.50.165.26 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.50.165.1
!
ip nat translation max-entries 300
ip nat inside source list 101 interface BVI1 overload
!
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.16.16.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any

Peace...  Sridhar
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
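
Added example (not part of the thread and not any poster's code): a small Python evaluator that applies access-list 101 from the message above the way `ip nat inside source list` uses it, with first-match wildcard-mask matching, where a deny leaves the flow routed untranslated rather than dropped. The function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACL 101 exactly as posted in the message above.
ACL_101 = """\
access-list 101 deny   ip 172.16.16.0 0.0.0.255 173.50.165.24 0.0.0.7
access-list 101 deny   ip 173.50.165.24 0.0.0.7 172.16.16.0 0.0.0.255
access-list 101 permit ip 172.22.22.0 0.0.0.255 any
access-list 101 deny   ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        entries.append((action, _take_addr(rest), _take_addr(rest), line.strip()))
    return entries

def _match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def nat_decision(entries, src, dst):
    """First matching entry wins: 'permit' selects the flow for translation,
    'deny' (or no match, the implicit deny) leaves it untranslated."""
    for action, s, d, line in entries:
        if _match(_ip(src), s) and _match(_ip(dst), d):
            return ("translate" if action == "permit" else "no-translate"), line
    return "no-translate", "(implicit deny)"

if __name__ == "__main__":
    flows = [("172.16.16.10", "173.50.165.27"), ("172.16.16.10", "198.51.100.7"),
             ("172.22.22.5", "198.51.100.7")]  # constructed sample flows
    for src, dst in flows:
        print(src, "->", dst, nat_decision(parse_acl(ACL_101), src, dst))
```

With the list as posted, sources in 172.16.16.0/24 match only deny entries, because the single permit line names 172.22.22.0/24.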
