I'm standing up a small office that will have one switch and one router. The switch will have all the user VLANs/SVIs and the router will do basic IOS FW/NAT functions. When I staged this on my lab gear for testing, NAT didn't work UNLESS I put an inbound ACL on the inside interface to allow the traffic that matches the NAT ACL.
This seems like odd behavior to me and should not be the case. Is there something I'm missing?
FYI, topology: user - switch - router - ISP
access-list 1 permit any log
access-list 101 permit ip 172.16.0.0 0.15.255.255 any log
access-list 102 permit ip 10.0.0.0 0.255.255.255 any log
ip nat pool NAT-172 192.0.2.4 192.0.2.4 prefix-length 29
ip nat pool NAT-10 192.0.2.5 192.0.2.5 prefix-length 29
ip nat inside source list 101 pool NAT-172 overload
ip nat inside source list 102 pool NAT-10 overload
!
interface FastEthernet0/0
ip address 172.16.1.254 255.255.255.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1
ip address 192.0.2.2 255.255.255.248
ip nat outside
ip virtual-reassembly in
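As an added example (not part of the poster's lab or Cisco's code), here is a small Python model of the inside-to-outside path in this config: the inbound ACL on the inside interface is evaluated first, as IOS does for inside-to-outside traffic, then the `ip nat inside source list` statements are tried in order and the first matching list picks the pool address. It assumes IOS wildcard-mask, first-match, implicit-deny ACL semantics, and it ignores the `log` keyword, ports and the outside-to-inside direction.

```python
import ipaddress

# Constructed from the config above: NAT ACLs 101/102, pools NAT-172/NAT-10.
NAT_ACLS = {
    101: [("permit", "172.16.0.0", "0.15.255.255")],
    102: [("permit", "10.0.0.0", "0.255.255.255")],
}
NAT_POOLS = {"NAT-172": "192.0.2.4", "NAT-10": "192.0.2.5"}
# "ip nat inside source list <acl> pool <pool> overload", in config order
NAT_RULES = [(101, "NAT-172"), (102, "NAT-10")]
# "ip access-group 1 in" on Fa0/0: access-list 1 permit any
INSIDE_INBOUND_ACL = [("permit", "0.0.0.0", "255.255.255.255")]


def acl_matches(acl, src):
    """Return the action of the first ACE whose wildcard mask matches src.

    IOS wildcard bits set to 1 are "don't care"; an ACL with no matching
    entry ends in an implicit deny.
    """
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in acl:
        n = int(ipaddress.IPv4Address(net))
        w = int(ipaddress.IPv4Address(wildcard))
        care = ~w & 0xFFFFFFFF          # bits that must match exactly
        if (s ^ n) & care == 0:
            return action
    return "deny"


def inside_to_outside(src, inbound_acl=INSIDE_INBOUND_ACL):
    """Model the inside->outside path for one source address.

    Returns the translated (pool) address, the original address when no
    NAT list matches, or None when the inbound ACL drops the packet.
    Pass inbound_acl=None to model an interface with no ACL applied,
    where everything is permitted.
    """
    if inbound_acl is not None and acl_matches(inbound_acl, src) != "permit":
        return None
    for acl_num, pool in NAT_RULES:
        if acl_matches(NAT_ACLS[acl_num], src) == "permit":
            # overload (PAT): every match shares the single pool address
            return NAT_POOLS[pool]
    return src
```

In this model the poster's `access-list 1 permit any` and "no ACL at all" give the same result, which is why the observed difference on the lab gear is worth tracing with `show ip nat translations` and `debug ip nat` rather than assumed.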