06-18-2019 01:48 AM
I have a small issue with ACL.
My local networks are 10.2.1.0/24 and 10.2.2/24. When I apply inside local NAT like below, it translates my 10.2.1.0/24 and 10.2.2/24 networks successfully.
ip access-list standard Nat_Traffic
permit 10.1.0.0 0.0.255.255
permit 10.2.0.0 0.0.255.255
As per my understanding, NAT traffic should be rejected because my networks fall in a different subnet.
Please correct me: why was my local network translated with the above NAT?
Please explain with a small example.
Thanks
06-18-2019 02:00 AM
Hi there,
This is a router NAT statement, so the ACL will use wildcard netmasks.
The ACE which matches your two local subnets is:
permit 10.2.0.0 0.0.255.255
...this is equivalent to 10.2.0.0/16, which your two subnets are matched under.
cheers,
Seb.
06-18-2019 02:13 AM
06-18-2019 02:22 AM
The subnet 10.2.0.0/16 covers the IP range 10.2.0.0 - 10.2.255.255, so within that range are your two /24's, each with the corresponding range:
10.2.1.0/24 = 10.2.1.0 - 10.2.1.255
10.2.2.0/24 = 10.2.2.0 - 10.2.2.255
...have a play around with http://www.subnet-calculator.com/ . If you are not familiar with IP subnetting there are numerous online tutorials:
cheers,
Seb.
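The wildcard matching described in the replies above, as an added Python example (not part of the original thread and not Cisco code): it evaluates the ACL from the question against sample source addresses, next to a narrower ACL that permits only the two /24s. `TIGHT_ACL`, the sample hosts and all function names are constructed for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse a standard-ACL entry of the form '<permit|deny> <address> [wildcard]'."""
    parts = line.split()
    wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"  # no wildcard = single host
    return parts[0], int(ipaddress.IPv4Address(parts[1])), int(ipaddress.IPv4Address(wildcard))

def ace_matches(base, wildcard, src):
    # Wildcard bit 0 = must match, 1 = ignored (the inverse of a subnet mask).
    care = ~wildcard & 0xFFFFFFFF
    return (src & care) == (base & care)

def evaluate(acl_lines, src_ip):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    src = int(ipaddress.IPv4Address(src_ip))
    for line in acl_lines:
        action, base, wildcard = parse_ace(line)
        if ace_matches(base, wildcard, src):
            return action, line
    return "deny", "implicit deny"

def wildcard_to_prefix(base, wildcard):
    """CIDR form of a contiguous wildcard, e.g. 0.0.255.255 -> /16."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return str(ipaddress.IPv4Network(f"{base}/{netmask}"))

# ACL entries exactly as posted in the question.
PAGE_ACL = ["permit 10.1.0.0 0.0.255.255", "permit 10.2.0.0 0.0.255.255"]
# Constructed alternative (an assumption, not from the thread): only the two /24s.
TIGHT_ACL = ["permit 10.2.1.0 0.0.0.255", "permit 10.2.2.0 0.0.0.255"]
# Constructed sample source addresses.
HOSTS = ["10.2.1.10", "10.2.2.10", "10.2.3.10", "10.3.1.10"]

def compare(hosts):
    """Map each host to (action under PAGE_ACL, action under TIGHT_ACL)."""
    return {h: (evaluate(PAGE_ACL, h)[0], evaluate(TIGHT_ACL, h)[0]) for h in hosts}

if __name__ == "__main__":
    print("10.2.0.0 0.0.255.255 =", wildcard_to_prefix("10.2.0.0", "0.0.255.255"))
    for host, (page, tight) in compare(HOSTS).items():
        print(f"{host:<12} posted ACL: {page:<7} tight ACL: {tight}")
```

With the posted /16 wildcards, any 10.2.x.x source is selected for translation, including subnets such as 10.2.3.0/24 that are not in use today; the narrower entries limit NAT to the two local /24s.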