Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ip overload NAT & standard acl

Hi!

I have a config:

---

ip nat inside source list 10 interface Dialer0 overload

!

access-list 10 permit 192.168.202.0 0.0.0.255

access-list 10 permit 192.168.205.0 0.0.0.255

access-list 10 permit 192.168.214.0 0.0.0.255

access-list 10 permit any log

---

My PC is 192.168.206.1.

And if trying to surf to eg www.google.com, it doesn't work.

Even pinging to www.yahoo.com _sometimes_ works...

When adding a line to the acl:

---

access-list 10 permit 192.168.202.0 0.0.0.255

access-list 10 permit 192.168.205.0 0.0.0.255

access-list 10 permit 192.168.214.0 0.0.0.255

access-list 10 permit 192.168.206.0 0.0.0.255

access-list 10 permit any log

---

I CAN surf to www.google.com.

When I change the overload to an extended acl:

---

ip nat inside source list 100 interface Dialer0 overload

access-list 100 permit ip any any

---

it works perfectly.

Is there any reason why the last line of my 1st standard acl doens't allow my traffic?

Thanks.

2 REPLIES
Hall of Fame Super Bronze

Re: ip overload NAT & standard acl

Does it work if you remove the log option ?

New Member

Re: ip overload NAT & standard acl

Posted by: johanhofmans

Oct 30, 2007, 6:10am PST

Hi!

I have a config:

---

ip nat inside source list 10 interface Dialer0 overload

!

access-list 10 permit 192.168.202.0 0.0.0.255

access-list 10 permit 192.168.205.0 0.0.0.255

access-list 10 permit 192.168.214.0 0.0.0.255

access-list 10 permit any log

---

My PC is 192.168.206.1.

Your PC is on a different network for the first ACL,

which you added on the second ACL.

by adding: access-list 10 permit 192.168.206.0 0.0.0.255

If you can surf to www.google.com with the second ACL; then the problem has nothing to do with your NAT configuration.

Do you have any other ACL's configured?

232
Views
0
Helpful
2
Replies
CreatePlease to create content