08-23-2012 08:30 PM - edited 03-07-2019 08:30 AM
Hello, I am trying to define an access control list to permit traffic from all internal (172.16.0.0/16) addresses, and deny all other traffic.
I have created the following:
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
and applied it to the outgoing interface of the router:
interface FastEthernet0/0
ip address 10.0.0.1 255.0.0.0
ip access-group 1 out
ip nat outside
duplex auto
speed auto
However, traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.
Have I done something incorrect here?
Thanks for any help.
08-23-2012 11:38 PM
hi philip:
traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is NATed to IP 192.168.1.6
192.168.1.6 cannot pass the
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
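Added example, not part of the original thread or any poster's code: a small Python model of standard ACL wildcard matching, run against access-list 1 from this thread. The host 172.16.4.1 is a constructed address inside one of the listed networks, and 192.168.1.6 is the translated source given in the reply above; the function names are hypothetical.

```python
import ipaddress

# access-list 1 exactly as posted in the thread
ACL_LINES = [
    "access-list 1 permit 172.16.0.0 0.0.255.255",
    "access-list 1 deny any",
]

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny <source> [wildcard]' lines into rules."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            base, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif spec[0] == "host":
            base, wild = int(ipaddress.IPv4Address(spec[1])), 0
        else:
            base = int(ipaddress.IPv4Address(spec[0]))
            # A bare address with no wildcard matches that single host.
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        rules.append((action, base, wild, line))
    return rules

def evaluate(rules, src):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    addr = int(ipaddress.IPv4Address(src))
    for action, base, wild, line in rules:
        # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action, line
    return "deny", "(implicit deny)"

RULES = parse_standard_acl(ACL_LINES)

if __name__ == "__main__":
    # Constructed inside host before translation, then the translated source.
    for label, src in (("before NAT", "172.16.4.1"), ("after NAT", "192.168.1.6")):
        action, line = evaluate(RULES, src)
        print(f"{label:10} src={src:12} -> {action:6} by {line}")
```

The inside address matches the permit entry, but once the source has been rewritten to 192.168.1.6 the same packet falls through to `deny any`.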
08-23-2012 11:39 PM
Hi,
Why are you doing this NAT overload on Belfast ?
Just do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.
Regards.
Alain
Don't forget to rate helpful posts.
08-24-2012 12:00 AM
Hi Alain,
Thanks for lending a hand on OP's issue!
Philip,
Could you try what Alain suggested and let us know how it goes?
Sent from Cisco Technical Support iPhone App
08-23-2012 09:11 PM
hi philip,
could you post the device's show run and a network diagram? are you running this on PT?
08-23-2012 09:17 PM
08-23-2012 09:54 PM
hi philip,
sorry i don't have PT installed on my PC right now. could you copy and paste the config here?
08-23-2012 10:44 PM
yes, I have done that in the previous message.
Thank you kindly.