NAT pool configuration question

blue phoenix · ‎10-20-2014

Hi all,

I would like to know how can I compute for a wild card mask for this hosts?

10.1.1.5 /24 - 10.1.1.8 /24

I have created a nat pool that translates addresses above to 124.24.34.250/24 - 124.24.34.253/24

R3#show access-list
Extended IP access list traders
10 permit ip 10.1.1.0 0.0.0.5 any
R3#sh run | s nat
ip nat pool my_traders 124.24.34.250 124.24.34.253 prefix-length 24
ip nat inside source list traders pool my_traders

10.1.1.5 to 10.1.1.7 works, it's only .8 that doesn't, how can I cover it?

thanks all,

Seb Rupik · ‎10-20-2014

Hi there,

the wildcard mask you are using your ACL 'traders' only covers the IP range 10.1.1.1 - 7 . Either increase the size of the mask by one bit (0.0.0.15) to cover the range 10.1.1.1 - 15 , or (preferably) list each IP induvidualy:

permit ip 10.1.1.5 0.0.0.0 any

permit ip 10.1.1.6 0.0.0.0 any

....

permit ip 10.1.1.8 0.0.0.0 any

cheers,

Seb.

blue phoenix · ‎10-20-2014

Hi Seb,

I was able to resolve, although I would like to know if I can further aggregate or summarize acls?

R3#sh run | s users
ip nat pool users 124.24.34.249 124.24.34.249 prefix-length 24
ip nat inside source route-map my_users pool users overload
route-map my_users permit 10
match ip address lan
R3#show access-list lan
Extended IP access list lan
10 permit ip 10.1.1.16 0.0.0.15 any (2 matches)
20 permit ip 10.1.1.32 0.0.0.15 any (1 match)
30 permit ip 10.1.1.64 0.0.0.63 any
40 permit ip 10.1.1.128 0.0.0.127 any

Also should the prefix length in the NAT statement be equal to the subnet mask of the inside local address?

Thanks,

feltinsilije · ‎10-20-2014

Hello my friend

Wtih this access-list, you can't cover adress 10.1.1.8, but you in you access-list, you cant add this command:

ip extended access-list traders

20 permit ip 10.1.1.8 0.0.0.0 any (or 20 permit host 10.1.1.8 any)

this command will premit host wih adress 10.1.1.8 to out you network

" please do not make fun of me, I know my English poor"