NATting problem

WStoffel1
Level 1

Hi all, got another natting problem (and ACL issue) I can't solve regarding an L2L tunnel.  Attached is the config, and nat control is enabled, which is actually a first for me.

Issue:  Tunnel to 192.168.193.0/24 comes up, showing it up at the bottom of the attached config.  I need to be able to pass traffic from 3 local subnets defined as object-group network DM_INLINE_NETWORK_1 to the 192.168.193.0/24 and I'm unable to.  Any ideas?

Thanks in advance.

julomban
Level 3

Hello,

You are missing the ACL on the NAT 0 rule:

nat (inside) 0 access-list 105

Please add the following ACL:

access-list 105 permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0

You need to make sure the other site of the tunnel already has the same config, otherwise it will not work.

Regards,

Juan Lombana

Please rate helpful posts.

Fast response and you nailed it.  Thank you!  Traffic was flowing immediately.

Any particular reason it's permit IP and not Extended Permit like the rest of 105?

Hello,

I am glad to hear that. The "extended" line is implicit; if you look again at show access-list 105 you will see the last line with "extended" like the rest. It is included automatically in any ACL you create.

Regards,

Juan Lombana

Haha, 100% correct again, didn't realize that.  Thank you!

You're welcome!! :-)
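
An added example, not part of the thread or the poster's attached config: a small Python audit that flags traffic selected by a tunnel's crypto ACL but not covered by the ACL on the NAT 0 rule, which is the gap the accepted answer closes. It assumes pre-8.3 ASA syntax; the subnets, the crypto ACL name vpn_193 and the crypto map name outside_map are hypothetical, and in the sample ACL 105 starts without the 192.168.193.0/24 entry.

```python
import ipaddress
# Constructed pre-8.3 ASA sample; subnets, vpn_193 and outside_map are made up.
BROKEN = """\
object-group network DM_INLINE_NETWORK_1
 network-object 10.1.1.0 255.255.255.0
 network-object 10.1.2.0 255.255.255.0
 network-object 10.1.3.0 255.255.255.0
access-list 105 extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list vpn_193 extended permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0
nat (inside) 0 access-list 105
crypto map outside_map 20 match address vpn_193
"""
FIX = "access-list 105 permit ip object-group DM_INLINE_NETWORK_1 192.168.193.0 255.255.255.0\n"

def take(tok, groups):
    """Consume one address operand; return (networks, remaining tokens)."""
    if tok[0] == "object-group":
        return groups[tok[1]], tok[2:]
    if tok[0] == "host":
        return [ipaddress.ip_network(tok[1])], tok[2:]
    if tok[0] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tok[1:]
    return [ipaddress.ip_network(f"{tok[0]}/{tok[1]}")], tok[2:]

def unexempted_flows(cfg):
    """Return (src, dst) pairs a crypto ACL selects that no NAT 0 ACL entry covers."""
    groups, acls, exempt, crypto, cur = {}, {}, [], [], None
    for t in filter(None, (line.split() for line in cfg.splitlines())):
        if t[0] == "network-object" and cur is not None:
            cur += take(t[1:], groups)[0]
        elif t[:2] == ["object-group", "network"]:
            cur = groups.setdefault(t[2], [])
        elif t[0] == "access-list":
            ops = [x for x in t[2:] if x != "extended"]  # keyword is implicit
            if ops[:2] == ["permit", "ip"]:
                acls.setdefault(t[1], []).append(ops[2:])
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            exempt.append(t[4])
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto.append(t[6])
    def pairs(names):  # expand the named ACLs into (src, dst) network pairs
        out = []
        for ops in (o for n in names for o in acls.get(n, [])):
            srcs, rest = take(ops, groups)
            out += [(s, d) for s in srcs for d in take(rest, groups)[0]]
        return out
    covered = pairs(exempt)  # simplification: one entry must cover the whole pair
    return [(str(s), str(d)) for s, d in pairs(crypto)
            if not any(s.subnet_of(a) and d.subnet_of(b) for a, b in covered)]
```

Calling unexempted_flows(BROKEN) lists the three local subnets toward 192.168.193.0/24, and unexempted_flows(BROKEN + FIX) returns an empty list. A flagged pair is a prompt to review, since a tunnel may translate some traffic on purpose.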
