All times are UTC

 Post subject: Access Lists & Static Routes - Guru Needed
PostPosted: Tue Mar 18, 2014 1:56 am 

Joined: Tue Mar 18, 2014 1:51 am
Posts: 1
Hi everybody! I am having a very strange issue that I have not been able to solve for the last couple of days and have decided it's about time I got some help.

I am trying to allow an L2TP user to access an internal LAN and I have accomplished this but not quite. If I remove all the access-lists and NAT rules in the Cisco router, the L2TP user can reach any subnet beyond the Cisco router successfully. However, doing so will cut out the internet access for any host that has been affected by the removal of the access lists.

Below is a detailed description of my setup and what I have tried so far.


What I want to achieve:
Allow my L2TP users to access the subnet without this subnet losing access beyond the Cisco router.

I would greatly appreciate any kind of advice/pointer that could help me diagnose the problem here.

Please let me know if there is anything more I can provide that can better explain the problem I am having.

Thanks in advance!

 Post subject: Re: Access Lists & Static Routes - Guru Needed
PostPosted: Wed Mar 26, 2014 9:03 pm 

Joined: Sun Apr 25, 2010 4:57 pm
Posts: 214
Your pings are stopping because of NAT...
1. case: you have a NAT ACL for all, that's why IPs are translated and no ping to this network succeeds.
2. case: you have changed the NAT ACL to just the host of your FTP, that's why your PC can reach but not 3.2, because it is under NAT now.
3. case: NAT removed, of course your FTP can reach only the networks it reaches directly, no way to any other...

Please, more configuration is needed: what is on the switch?
What is on the router?
All routes and default routes are of interest...

If you want to use NAT, I recommend using static NAT here:
but you have to expect some more IPs from range need more IPs here, let's say change CIDR to 29 (6 IPs for hosts)
and one IP should be reserved for the FTP server. Don't forget to reconfigure static routes and interfaces!

As your can reach, cool here we will use nat to translate FTP to

on router:
ip nat inside source static

That's it, your FTP is reachable from outside using IP (ping from is success) or back ping from to or etc success..
Your L2TP customers will use NAT IP for access to FTP server: !

R5 user from
R5#ping source

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Packet sent with a source address of
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/128/152 ms

sh ip nat translations on R2 (router):

R2#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- --- ---

Now you will see that the router translates IP to and responds back.

This is classical static NAT usage !!!
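
An added example, not part of the reply above or of either poster's configuration: a simplified Python model of inside-source NAT showing why a ping fails when the NAT ACL covers the server, and why clients must target the NAT IP once a static entry exists. All addresses are constructed documentation-range values, and the model assumes the L2TP client's traffic arrives on the router's NAT-outside side.

```python
# Added example: simplified model of inside-source NAT (all addresses constructed).
from ipaddress import ip_address, ip_network

CLIENT = "198.51.100.10"     # assumed L2TP user, arriving on the NAT-outside side
FTP_LOCAL = "192.0.2.10"     # assumed real (inside local) address of the FTP server
FTP_GLOBAL = "203.0.113.2"   # assumed address reserved for the server (inside global)
PAT_GLOBAL = "203.0.113.1"   # assumed address used by the dynamic NAT rule
NAT_ACL = "192.0.2.0/24"     # assumed NAT ACL covering the whole inside subnet

class Router:
    def __init__(self, pat_acl=None, pat_global=None):
        self.pat_acl = ip_network(pat_acl) if pat_acl else None
        self.pat_global = pat_global
        self.static = {}     # inside local -> inside global

    def add_static(self, inside_local, inside_global):
        self.static[inside_local] = inside_global

    def inside_to_outside(self, src, dst):
        """Rewrite the source of a packet leaving the inside network."""
        if src in self.static:                        # static entry wins
            return self.static[src], dst
        if self.pat_acl is not None and ip_address(src) in self.pat_acl:
            return self.pat_global, dst               # ACL match: real source is hidden
        return src, dst

    def outside_to_inside(self, src, dst):
        """Rewrite the destination of a packet arriving from outside."""
        for local, glob in self.static.items():
            if dst == glob:
                return src, local
        return src, dst

def ping(router, client, target):
    """True only if the echo reply returns from the address the client pinged."""
    _, server = router.outside_to_inside(client, target)
    reply_src, reply_dst = router.inside_to_outside(server, client)
    return reply_src == target and reply_dst == client

def scenarios():
    acl_all = Router(NAT_ACL, PAT_GLOBAL)             # case 1: NAT ACL for all hosts
    with_static = Router(NAT_ACL, PAT_GLOBAL)         # recommended: static entry added
    with_static.add_static(FTP_LOCAL, FTP_GLOBAL)
    return {
        "acl_all, ping real IP": ping(acl_all, CLIENT, FTP_LOCAL),
        "static, ping real IP": ping(with_static, CLIENT, FTP_LOCAL),
        "static, ping NAT IP": ping(with_static, CLIENT, FTP_GLOBAL),
    }
```

Only the last scenario returns True: the reply leaves with the same address the client pinged, which is why the L2TP users have to use the NAT IP rather than the server's real one.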

