Hello all, Continuing my quest to unravel that which was left behind, I am now at the following conclusion:
Europe is on subnet 172.29.30.0 U.S. is on subnet 192.168.100.0 Europe office has a 512k portal to the internet, public IP gateway being 1.2.3.4 (made up of course, is in 217.x.x.x range) U.S. public IP is 6.7.8.9 However, it has been configured for all Europe internet traffic to be routed through U.S. office (for purposes of going through a firewall, which wasn't in place anyways). This has left Europe office with effective internet speeds of <50k. Now I want them to use their own internet portal and I believe I need to reconfigure access lists to allow it. Here are my lists: ip nat inside source list 101 interface Ethernet0 overload ip kerberos source-interface any ip classless ip route profile ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.40.0 255.255.255.0 192.168.100.15 ip http server ! access-list 100 permit ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 deny ip 172.29.30.0 0.0.0.255 6.7.8.9 0.0.0.31 access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 101 permit ip 172.29.30.0 0.0.0.255 any interface Ethernet0 description connected to Internet ip address 1.2.3.5 255.255.255.248 <--- IP is one number above public gateway ip nat outside no ip route-cache no ip mroute-cache half-duplex crypto map cm-cryptomap And here's what I *think* I need to do: no ip route 0.0.0.0 0.0.0.0 1.2.3.4 ip route 172.29.30.0 255.255.255.0 1.2.3.4 access-list 100 permit ip 172.29.30.0 0.0.0.255 1.2.3.4 For the last line I would actually need to clear all access lists ( no access-list 100..... is the command?) and then reenter to preserve the order? Does it sound like I'm close to what I need to do? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54901&t=54901 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]