
Cisco 801+NAT+AccessList= doesn't work????


morph

May 2, 2001
Hi all:)
I have a Cisco 801 with NAT configured. I need an access-list to work with these private ranges:
172.16.0.0 255.255.255.0 mustn't be able to connect to anything.
172.16.0.1 255.255.255.0 must have access to everything.
172.16.0.2 255.255.255.0 must have access only to mail.
The problem is I can never bring up the line with the current config. Please, can some top technical guru take a look at it???? :) thx
-----------------------------------------
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname test
!
boot system flash
enable secret 12345
ip routing
!
username 12345 password 12345
ip subnet-zero
ip nat inside source list 101 interface bri0 overload
isdn switch-type basic-net3
isdn tei-negotiation first-call
!
interface Ethernet0
ip address 172.16.0.248 255.255.255.0
ip address 172.16.1.248 255.255.255.0 secondary
ip address 172.16.2.248 255.255.255.0 secondary
ip nat inside
no shutdown
no ip directed broadcast
!
interface BRI0
ip address public ip 255.255.255.240
ip nat outside
no shutdown
encapsulation ppp
bandwidth 128
dialer idle-timeout 300
dialer wait-for-carrier-time 15
dialer map ip host name 12345 telephone number
dialer load-threshold 25 either
dialer-group 1
no fair-queue
ppp multilink
ppp authentication pap callin
ppp pap sent-username 12345 password 12345
!
ip classless
ip route 0.0.0.0 0.0.0.0 host
ip route host 255.255.255.255 BRI0
access-list 101 deny udp any eq netbios-ns any
access-list 101 deny udp any eq netbios-dgm any
access-list 101 deny ip 172.16.0.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 101 permit tcp 172.16.2.0 0.0.0.255 eq smtp any
access-list 101 permit tcp 172.16.2.0 0.0.0.255 eq pop3 any
dialer-list 1 protocol ip list 101
!
line con 0
exec-timeout 0 0
line vty 0 4
password 12345
login
!
end
 
hi morph,

I see you have established the inside and outside interfaces for NAT, but I can't see where you are doing the actual translations: you need to set up a pool of addresses to use or some static translations.

Have a look at that...

bye,

milikk

 
I use this instead of a pool of IPs:
ip nat inside source list 101 interface bri0 overload
This usually works... :)
If you think that making a pool of public addresses could make this work, I can give it a try ;)
 

HA HA HA,

I'm sorry, usually I get that line right on top of the access-list ones, so I thought you were missing it...

 
ip route 0.0.0.0 0.0.0.0 host
ip route host 255.255.255.255 BRI0

I would try changing this to read:

ip route 0.0.0.0 0.0.0.0 BRI0
DELETE this line - ip route host 255.255.255.255 BRI0

Also, I would make the dialer-list access list number different from the NAT access list number, just to make it easier to tell what is happening where.

just my 2 cents
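
What access-list 101 as posted does with a few packets, as an added example that is not part of any post in the thread: a first-match evaluator for the subset of extended-ACL syntax the config uses, where an `eq` written after the source address tests the source port. The sample packets, the client port 40000 and the 192.0.2.25 destination are constructed; the port numbers are the standard ones for the named services.

```python
import ipaddress

PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "smtp": 25, "pop3": 110}

# access-list 101 entries exactly as posted in the thread
ACL_101 = """\
deny udp any eq netbios-ns any
deny udp any eq netbios-dgm any
deny ip 172.16.0.0 0.0.0.255 any
permit ip 172.16.1.0 0.0.0.255 any
permit tcp 172.16.2.0 0.0.0.255 eq smtp any
permit tcp 172.16.2.0 0.0.0.255 eq pop3 any
"""

def _addr(tok):
    """Consume 'any' or 'network wildcard'; return a matcher for an IP string."""
    if tok[0] == "any":
        tok.pop(0)
        return lambda ip: True
    net, wild = (int(ipaddress.ip_address(tok.pop(0))) for _ in range(2))
    return lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (net | wild)

def _port(tok):
    """Consume an optional 'eq <name>' that follows the address just parsed."""
    if tok and tok[0] == "eq":
        want = PORTS[tok[1]]
        del tok[:2]
        return lambda port: port == want
    return lambda port: True

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, _addr(tok), _port(tok), _addr(tok), _port(tok)))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for n, (action, rproto, s, sp, d, dp) in enumerate(rules, 1):
        if rproto in ("ip", proto) and s(src) and sp(sport) and d(dst) and dp(dport):
            return action, n
    return "deny", None

if __name__ == "__main__":
    rules = parse(ACL_101)
    # Constructed packets: client source port 40000, destination 192.0.2.25
    for src, dport in (("172.16.0.10", 80), ("172.16.1.10", 80), ("172.16.2.10", 25)):
        print(src, dport, evaluate(rules, "tcp", src, 40000, "192.0.2.25", dport))
```

The posted config references list 101 from both `ip nat inside source list 101` and `dialer-list 1 protocol ip list 101`, so each verdict applies to NAT selection and to dial triggering alike. The third sample, a mail client on 172.16.2.10 connecting to port 25, matches no entry and falls to the implicit deny.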

 