Re: Question on NAT

pokwan · ‎12-09-2002

Hi,

I have an issue with the using the NAT which I would like to clarify and here's the scenario.

10.10.10.0 access via int vlan 2

192.168.100.0 - 192.168.110.0 access via int vlan 3

Configuration on the RSM.

interface vlan 1

ip address 192.168.1.1 255.255.255.0

interface vlan 2

ip address 192.168.2.1 255.255.255.0

ip nat outside

interface vlan 3

ip address 192.168.3.1 255.255.255.0

ip nat inside

access-list 150 permit ip 192.168.100.0 0.0.0.255 10.10.10.0 0.0.0.255

ip nat pool test 10.10.100.50 10.10.100.254 netmask 255.255.255.0

ip nat inside source list 150 pool test

Question.

I only wanted devices in the 192.168.100.0 range translated to the IP address in the test pool when accessing devices in 10.10.10.0 network. Will devices in the 192.168.101.0 to 192.168.110.0 networks (without translation) able to access devices in the 10.10.10.0 network or vice versa with the above setup?

TIA.

PF

gfullage · ‎12-10-2002

Sure, you haven't specifically denied them access, you've just said, don't NAT them on their way through. You'd need to apply an access-list on the interface that specifically denies the traffic from those other subnets.

pokwan · ‎12-10-2002

Gfullage,

Thanks very much for your reply. I can apply this knowledge to my network now...

Thanks.

PF