
NAT pool configuration question

blue phoenix
Level 1

Hi all,

 

I would like to know how I can compute a wildcard mask for these hosts?

10.1.1.5 /24 - 10.1.1.8 /24

 

I have created a nat pool that translates addresses above to 124.24.34.250/24 - 124.24.34.253/24

 

R3#show access-list
Extended IP access list traders
    10 permit ip 10.1.1.0 0.0.0.5 any
R3#sh run | s nat
ip nat pool my_traders 124.24.34.250 124.24.34.253 prefix-length 24
ip nat inside source list traders pool my_traders

 

10.1.1.5 to 10.1.1.7 works, it's only .8 that doesn't, how can I cover it?

 

 

thanks all,


 

 

3 Replies

Seb Rupik
VIP Alumni

Hi there,

The wildcard mask you are using in your ACL 'traders' only covers the IP range 10.1.1.1 - 7. Either increase the size of the mask by one bit (0.0.0.15) to cover the range 10.1.1.1 - 15, or (preferably) list each IP individually:

 

permit ip 10.1.1.5 0.0.0.0 any

permit ip 10.1.1.6 0.0.0.0 any

....

permit ip 10.1.1.8 0.0.0.0 any

 

cheers,

Seb.
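
Added example, not part of any post in this thread: a Python sketch using only the standard `ipaddress` module that lists the addresses an ACL entry `base wildcard` matches, builds the exact entries for the range 10.1.1.5 to 10.1.1.8, and checks whether the `lan` ACL entries quoted further down the thread can be merged. The function names are hypothetical, and merging assumes contiguous wildcards.

```python
import ipaddress

def wildcard_matches(base, wildcard, subnet="10.1.1.0/24"):
    """Addresses in `subnet` matched by the ACL entry `base wildcard`.
    A 1 bit in the wildcard means "ignore this bit of the address"."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.IPv4Address(base)) & care
    return [str(a) for a in ipaddress.ip_network(subnet) if int(a) & care == want]

def acl_entries_for_range(first, last):
    """Fewest contiguous-wildcard entries that match exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"permit ip {b.network_address} {b.hostmask} any" for b in blocks]

def aggregate(entries):
    """Merge (base, wildcard) pairs only where two blocks form one exact block."""
    nets = []
    for base, wildcard in entries:
        bits = int(ipaddress.IPv4Address(wildcard))
        if bits & (bits + 1):  # not 2^k - 1, so not a contiguous wildcard
            raise ValueError(f"non-contiguous wildcard: {wildcard}")
        nets.append(ipaddress.ip_network((base, 32 - bits.bit_length())))
    return [f"{n.network_address} {n.hostmask}"
            for n in ipaddress.collapse_addresses(nets)]

# The 'lan' ACL entries as shown in the thread.
LAN_ACL = [("10.1.1.16", "0.0.0.15"), ("10.1.1.32", "0.0.0.15"),
           ("10.1.1.64", "0.0.0.63"), ("10.1.1.128", "0.0.0.127")]

if __name__ == "__main__":
    print(wildcard_matches("10.1.1.0", "0.0.0.5"))
    print(len(wildcard_matches("10.1.1.0", "0.0.0.15")))
    print("\n".join(acl_entries_for_range("10.1.1.5", "10.1.1.8")))
    print(aggregate(LAN_ACL))
```

An entry wider than the intended hosts also translates every extra address it matches, so compare the output of `wildcard_matches` against the intended host list before applying an ACL to a NAT rule.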

Hi Seb,

 

I was able to resolve it, although I would like to know if I can further aggregate or summarize the ACLs?

R3#sh run | s users
ip nat pool users 124.24.34.249 124.24.34.249 prefix-length 24
ip nat inside source route-map my_users pool users overload
route-map my_users permit 10
 match ip address lan
R3#show access-list lan
Extended IP access list lan
    10 permit ip 10.1.1.16 0.0.0.15 any (2 matches)
    20 permit ip 10.1.1.32 0.0.0.15 any (1 match)
    30 permit ip 10.1.1.64 0.0.0.63 any
    40 permit ip 10.1.1.128 0.0.0.127 any

Also should the prefix length in the NAT statement be equal to the subnet mask of the inside local address?


Thanks,

 


 

feltinsilije
Level 1

 

 

Hello my friend

 

With this access-list, you can't cover address 10.1.1.8, but in your access-list you can add this command:

 

ip access-list extended traders

20 permit ip 10.1.1.8 0.0.0.0 any   (or 20 permit ip host 10.1.1.8 any)

 

This command will permit the host with address 10.1.1.8 out of your network.

 

" please do not make fun of me, I know my English poor"