New Member

This should be easy for someone!

I have a network connected to us that is using NAT to allow a pool of addresses to access a single host on our network. The command on their router is:

ip nat pool RockCty 172.17.1.33 172.17.1.95 prefix-length 24

Is the prefix-length 24 correct if they only want .33-.95?

Would my access list look like this?

access-list 101 permit ip host 172.17.1.0 0.0.192 host 172.25.32.217

I can't figure out the correct inverse mask.

Thanks,

Kathleen

2 REPLIES
New Member

Re: This should be easy for someone!

Shouldn't the ip nat pool statement look like:

ip nat pool RockCty 172.17.1.33 172.17.1.95 prefix-length 26

Because the subnet mask would be 255.255.255.192?

Silver

Re: This should be easy for someone!

Don't care about prefix-length, it just specifies subnet bits of 172.17.x.x network.

For the access list, I recommend using (if they use prefix-length 24):

access-list 101 permit ip 172.17.1.32 0.0.0.31 host 172.25.32.217

access-list 101 permit ip 172.17.1.64 0.0.0.31 host 172.25.32.217

This will exactly match machines .32-.95

Hope this helps you
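
The inverse-mask arithmetic from this thread, worked through as an added example (not code from any poster): it builds the entries that match exactly .33-.95 and lists which addresses outside the pool a broader set of entries would also permit. The function names are hypothetical, and only contiguous wildcard masks are assumed.

```python
import ipaddress


def acl_for_range(first, last, dest, acl=101):
    """Build IOS extended-ACL lines that match exactly first..last -> dest.

    Each aligned block becomes '<network> <wildcard>', where the wildcard
    (inverse mask) is the bitwise NOT of the netmask, e.g. /27 -> 0.0.0.31.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in blocks:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl} permit ip {src} host {dest}")
    return lines


def extra_addresses(entries, first, last):
    """Return addresses matched by (network, wildcard) entries but outside first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    extra = []
    for base, wild in entries:
        # ipaddress accepts a host mask (inverse mask) after the slash.
        net = ipaddress.IPv4Network(f"{base}/{wild}")
        extra += [str(a) for a in net if not lo <= int(a) <= hi]
    return extra


if __name__ == "__main__":
    pool = ("172.17.1.33", "172.17.1.95")   # pool range from the thread
    dest = "172.25.32.217"                  # destination host from the thread

    print("Exact match for the pool:")
    for line in acl_for_range(*pool, dest):
        print(" ", line)

    # The two /27-sized entries suggested in the last reply.
    two_blocks = [("172.17.1.32", "0.0.0.31"), ("172.17.1.64", "0.0.0.31")]
    print("Two-entry ACL also permits:", extra_addresses(two_blocks, *pool))

    # A single entry sized to the pool's prefix-length 24.
    whole_24 = [("172.17.1.0", "0.0.0.255")]
    print("A /24 entry also permits", len(extra_addresses(whole_24, *pool)),
          "addresses outside the pool")
```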
