02-20-2020 11:52 PM
Hello,
I'm trying to add a separate subnet with access to another subnet, but can't make it work:
Existing configuration:
MAIN-LAN is the main local network on interface inside with address range 192.168.10.0/24
outside is internet access,
EZdr is another private network with interface IP 10.159.255.132. IP address ranges 172.24.0.0 and 172.29.0.0 are routed to this network.
Interface inside has access to both outside and EZdr. That works.
I want to add another local network LAN_EZDR on its own interface with IP 192.168.25.10 and I want this network to only have access to EZdr and no other network (neither MAIN-LAN nor internet).
Packet tracer shows that the packets are routed correctly and are passed through. But nothing works (http, dns, ping, traceroute). It works from the MAIN-LAN but not from the new LAN_EZDR.
Attached is the configuration. Can someone please take a look and tell me what I'm missing?
Thank you.
02-21-2020 12:38 PM
From what you have posted, it looks like you are missing NAT statements for LAN_EZDR to the internet. It also looks like you have not posted all the NAT configuration from your device. As for access from inside to LAN_EZDR, without seeing your full NAT configuration it is difficult to pinpoint, but I suspect that you have NAT-control configured? If yes, then you will need a NAT statement for traffic from inside to LAN_EZDR.
02-22-2020 04:00 AM
Thank you,
The attached file is the whole configuration - output of "show running-config". Is there some other command to show NAT config? Just to clarify, LAN_EZDR should have access to Ezdr but not to "outside" or "inside".
02-22-2020 11:50 AM
Currently you are allowing LAN-EZDR access to everything. Is that for testing?
Could you issue the command "show run all nat" and post the output?