Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.
I have created the following:
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
and applied it to the outgoing interface of the router:
interface FastEthernet0/0
ip address 10.0.0.1 255.0.0.0
ip access-group 1 out
ip nat outside
duplex auto
speed auto
However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.
Have I done something incorrect here ?
Thanks for any help.
Solved! Go to Solution.
hi philip:
traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6
192.168.1.6 can not pass the
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
Hi,
Why are you doing this NAT overload on Belfast ?
Just do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.
Regards.
Alain
Don't forget to rate helpful posts.
Hi Alain,
Thanks for lending a hand on OP's issue!
Philip,
Could you try what Alain suggested and let us know how it goes?
Sent from Cisco Technical Support iPhone App
hi philip,
could you post the device's show run and a network diagram? are you running this on PT?
hi philip,
sorry i don't have PT installed on my PC right now. could you copy and pase the config here?
yes, I have done that in the previous message.
Thank you kindly.
Hi,
Why are you doing this NAT overload on Belfast ?
Just do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.
Regards.
Alain
Don't forget to rate helpful posts.
Hi Alain,
Thanks for lending a hand on OP's issue!
Philip,
Could you try what Alain suggested and let us know how it goes?
Sent from Cisco Technical Support iPhone App
hi philip:
traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6
192.168.1.6 can not pass the
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any