I have a remote office that is connected via site-to-site VPN from a 1720 router (remote office) to a Pix (HQ). The remote office has its own T1. The users in the remote office go across the VPN for LAN/WAN resources and go straight out the T1 to the Internet. I have used the route-map command to specify which subnets are allowed over the VPN and which are directed towards the Internet. I basically followed the sample doc at http://www.cisco.com/warp/public/110/39.html
Here are the relevant config lines:
HQ LAN subnet - 10.1.1.0/24
HQ LAN subnet - 10.1.2.0/24
Remote LAN subnet - 172.16.1.0/24
Remote WAN subnet - 172.30.1.0/24
Here is my setup on the router:
crypto map catcher
match address 120
ip nat pool remote 172.30.1.10 172.30.1.30 prefix-length 24
ip nat inside source route-map nonat pool remote
access-list 120 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 130 deny ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 172.16.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 130 permit ip 172.16.1.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
I would like to limit all users that have a 172.16.1.230 or higher IP address on the remote LAN subnet from accessing the Internet. I tried changing the last line of access-list 130 to 172.16.1.0 0.0.0.229 but it did not work. Does anyone have an idea on how to make this work?
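The wildcard question above, worked through as an added example (not part of the original post and not Cisco's code): it emulates the bitwise test an IOS access-list applies, lists which hosts on 172.16.1.0/24 the pair `172.16.1.0 0.0.0.229` matches, and splits the range .230 to .255 into entries that fall on bit boundaries. The function names and the generated `deny ... any` lines are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL test: wildcard bits set to 1 are ignored, all other bits must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def hosts_matched(base, wildcard, subnet="172.16.1.0/24"):
    """Last octets on the remote LAN that one base/wildcard pair matches."""
    return [int(ip) & 0xFF for ip in ipaddress.ip_network(subnet)
            if wildcard_match(str(ip), base, wildcard)]

def range_entries(first, last):
    """Split an arbitrary host range into (base, wildcard) pairs on bit boundaries."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def deny_lines(first, last, acl=130):
    """Render the pairs as ACL entries (hypothetical placement in access-list 130)."""
    return [f"access-list {acl} deny ip {b} {w} any"
            for b, w in range_entries(first, last)]

if __name__ == "__main__":
    # 229 is 11100101 in binary, so the wildcard ignores a scattered set of bits
    # rather than describing "hosts 0 through 229".
    tried = hosts_matched("172.16.1.0", "0.0.0.229")
    print(len(tried), "hosts matched by 0.0.0.229:", tried)
    for line in deny_lines("172.16.1.230", "172.16.1.255"):
        print(line)
```

Access-lists are evaluated top-down and stop at the first match, so entries like these only take effect when they sit above the broader `permit ... any` line.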