Ramesh c wrote:
> The serial port of my router is connected to PVT network and
> ethernet is connected to Internet, through which I am going to
> establish VPN (IPsec).
>
> My questions are...
> 1) I am not running nat on my router, do I still need to add the
> following on my router...
>
> access-list 130 deny ip 10.65.0.0 0.0.255.255 172.16.2.11 0.0.0.0
> access-list 130 permit ip 10.65.0.0 0.0.255.255 any
>
> route-map nonat permit 10
> match ip address 130
>
> ip nat pool branch netmask
> ip nat inside source route-map nonat pool branch overload

Dude, without knowing your whole config how do u expect us to advise? btw, the access-list referred to in this route-map is indeed 130; from the partial info that you have provided, you can safely remove it.

> 2) My PVT network mask is 252... so would my access_list mask
> be 0.0.0.3
>
> access_list permit ip 192.168.5.36 0.0.0.3 172.16.3.2 0.0.0.255

The first bit 0.0.0.3 is correct, but "172.16.3.2 0.0.0.255" do u mean 172.16.3.0 0.0.0.255 (note 0 instead of 2) unless you are trying to match on the 2nd last bit, which can achieve something much different than trying to match the whole /24

Nick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28813&t=28806
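
The wildcard-mask matching discussed in this thread, as an added example that is not part of the original posts: a small Python model of how an extended ACL entry compares addresses (wildcard 1-bits are ignored, first match wins, implicit deny at the end), run against ACL 130 and the entry from question 2. The function names and the 198.51.100.7 test address are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def netmask_to_wildcard(netmask):
    """Invert a subnet mask: 255.255.255.252 -> 0.0.0.3."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def wildcard_match(addr, base, wildcard):
    """Wildcard 1-bits are ignored; every 0-bit position must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

# ACL 130 as posted: (action, src, src wildcard, dst, dst wildcard).
# "any" is written out as 0.0.0.0 255.255.255.255.
ACL_130 = [
    ("deny",   "10.65.0.0", "0.0.255.255", "172.16.2.11", "0.0.0.0"),
    ("permit", "10.65.0.0", "0.0.255.255", "0.0.0.0", "255.255.255.255"),
]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

def matching(base, wildcard, candidates):
    """Return the candidate addresses an entry's address/wildcard pair covers."""
    return [c for c in candidates if wildcard_match(c, base, wildcard)]

if __name__ == "__main__":
    # Reading of the nonat route-map: an ACL "deny" leaves the packet
    # untranslated, an ACL "permit" hands it to the NAT pool.
    print(evaluate(ACL_130, "10.65.1.5", "172.16.2.11"))   # destination from the post
    print(evaluate(ACL_130, "10.65.1.5", "198.51.100.7"))  # constructed Internet address
    # Question 2, source side: mask 255.255.255.252 and the addresses it covers
    hosts = ["192.168.5.%d" % n for n in range(34, 42)]
    print(netmask_to_wildcard("255.255.255.252"), matching("192.168.5.36", "0.0.0.3", hosts))
    # Question 2, destination side: wildcard 0.0.0.255 ignores the whole last octet
    print(wildcard_match("172.16.3.200", "172.16.3.2", "0.0.0.255"))
```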