12-12-2012 06:18 AM - edited 03-11-2019 05:36 PM
Hi all, got another natting problem (and ACL issue) I can't solve regarding an L2L tunnel. Attached is the config, and nat control is enabled, which is actually a first for me.
Issue: Tunnel to 192.168.193.0/24 comes up, showing it up at the bottom of the attached config. I need to be able to pass traffic from 3 local subnets defined as object-group network DM_INLINE_NETWORK_1 to the 192.168.193.0/24 and I'm unable to. Any ideas?
Thanks in advance.
12-12-2012 06:24 AM
Hello,
You are missing the ACL on the NAT 0 rule:
nat (inside) 0 access-list 105
Please add the following ACL:
access-list 105 permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0
You need to make sure the other site of the tunnel already has the same config; otherwise it will not work.
Regards,
Juan Lombana
Please rate helpful posts.
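A check for the gap this answer describes, as an added example that is not part of the original thread: it parses a pre-8.3 ASA config and lists the crypto-ACL flows that the `nat 0` ACL does not cover. The subnets behind DM_INLINE_NETWORK_1 and the names `outside_cryptomap` and `outside_map` are constructed, since the attached config is not on the page.

```python
import ipaddress

# Constructed pre-8.3 ASA config: the subnets and the crypto ACL/map names are made up.
SAMPLE_CONFIG = """\
object-group network DM_INLINE_NETWORK_1
 network-object 10.10.1.0 255.255.255.0
 network-object 10.10.2.0 255.255.255.0
 network-object 10.10.3.0 255.255.255.0
access-list 105 extended permit ip 10.10.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0
nat (inside) 0 access-list 105
crypto map outside_map 1 match address outside_cryptomap
"""
FIX = "access-list 105 permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0\n"  # from the answer

def parse(config):
    """Return (ACL name -> [(src_net, dst_net)], nat 0 ACL names, crypto ACL names)."""
    groups, acls, nat0, crypto, current = {}, {}, [], [], None
    def take(tok):
        # Consume one address spec: 'object-group NAME', 'host IP', 'any' or 'NET MASK'.
        kind = tok.pop(0)
        if kind == "object-group":
            return groups[tok.pop(0)]
        if kind == "any":
            return [ipaddress.ip_network("0.0.0.0/0")]
        return [ipaddress.ip_network(tok.pop(0) if kind == "host" else f"{kind}/{tok.pop(0)}")]
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "network-object" and current is not None:
            current += take(tok[1:])
        elif tok[0] == "access-list":
            rest = [t for t in tok[2:] if t != "extended"]  # "extended" is the implicit default
            if rest[:2] == ["permit", "ip"]:
                del rest[:2]
                src, dst = take(rest), take(rest)  # evaluated left to right
                acls.setdefault(tok[1], []).extend((s, d) for s in src for d in dst)
        elif tok[0] == "nat" and tok[2:4] == ["0", "access-list"]:
            nat0.append(tok[4])
        elif tok[:2] == ["crypto", "map"] and tok[4:6] == ["match", "address"]:
            crypto.append(tok[6])
    return acls, nat0, crypto

def uncovered_flows(config):
    """Flows matched by a crypto ACL that no nat 0 ACL entry exempts from NAT."""
    acls, nat0, crypto = parse(config)
    exempt = [pair for name in nat0 for pair in acls.get(name, [])]
    return [(str(s), str(d)) for name in crypto for s, d in acls.get(name, [])
            if not any(s.subnet_of(es) and d.subnet_of(ed) for es, ed in exempt)]
```

Running `uncovered_flows` on the sample reports all three local subnets as missing an exemption toward 192.168.193.0/24; with the `FIX` line appended the list is empty.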
12-12-2012 07:01 AM
Fast response and you nailed it. Thank you! Traffic was flowing immediately.
Any particular reason it's permit IP and not Extended Permit like the rest of 105?
12-12-2012 07:06 AM
Hello,
I am glad to hear that. The "extended" line is implicit; if you look again at show access-list 105, you will see the last line with "extended" like the rest. This is included automatically in any ACL you create.
Regards,
Juan Lombana
12-12-2012 07:18 AM
Haha, 100% correct again, didn't realize that. Thank you!
12-12-2012 07:37 AM
You're welcome!! :-)