Sharing an IP Gateway on multiple Subnets

Hi
I'm flamboozled with something that doesn't seem like it should be so hard on a Solaris 10 11/06 webserver with sparse zones...
I have 4 different subnets:
A.B.C.0/29, D.E.F.0/29, G.H.I.0/29 etc.
Only one of them currently has a gateway address, and I put the global's IP there, leaving 4 addresses that indeed work fine with sparse zones...
I have some ideas, but I'm hoping someone can help point me in the right direction.
1.) Setup NAT, as per http://blogs.sun.com/edp/entry/using_branded_zones_on_a if that works on Solaris 10.
2.) Try some adaptation of:
http://meljr.com/~meljr/Solaris10LocalZoneDefaultRoute.html
Where you boot into global without the local zone running. Setup a network interface complete with a default route, remove the network interface in question, and boot the zone that then uses that network interface.
It uses:
server-a# ifconfig qfe1 addif XXX.YYY.ZZZ.34/24 up
server-a# route add default XXX.YYY.ZZZ.1
server-a# ifconfig qfe1 removeif XXX.YYY.ZZZ.34
It seems like this should work, but nothing I've tried routes the packets correctly.
A problem here is I'm not trying to separate the networks, so the default already exists (and route tells me so) but the default is not "passed" into my local zone since it's on a different subnet.
4.) arp
I've statically rewired the A.B.C.1 address to use the single gateway's 6 byte hex address, but that doesn't work.
5.) Zone permissions
I understand that I may be able to give my zone special permissions... I have yet to try this in detail.
6.) Rework the network to get 4 gateway addresses, and probably 4 IP addresses for the global account.
I have to think that this isn't that unusual of a situation. Can anyone share their setup or ideas on how I could do this?
Thanks
newbiep

It's not that it's necessarily unusual, it's that the design requirements of zones don't make this easy.
The TCP layer was an easy point for zones to hook into. So much of the TCP layer is separated, but the IP layer is not. Zones do not have their own routing and cannot affect the routing of the global zone. So complex routing issues are just hard to deal with.
Your #2 should work, but I don't have specific suggestions or anything.
"IP instances" is part of the crossbow project that will create separate IP stacks for zones (if you want), so things like this are much simpler if you're dedicating an adapter or VLAN to a zone. It's not yet available though.
Darren

Similar Messages

  • RV320: Need to use as gateway for multiple subnets

    We just purchased an RV320 as a replacement/upgrade to an RV042. Our Internet connection was upgraded to 200Mbps and the RV042 wouldn't handle that throughput.
    Our internal network has 4 subnets, all connected via a layer 3 switch. The RV320 is connected to one of those subnets and is the default gateway for the entire network.
    The RV042 had a "multiple subnets" setting that allowed it to perform NAT for the directly connected subnet and the other 3 subnets in our network. We would just add the other networks to the list in the RV042 and everything was fine.
    The RV320 doesn't seem to have the same functionality (or am I missing something?). It looks like there is some sort of multiple subnet support, but when we try to add another subnet the interface seems to be asking us to define a single IP address in that subnet (an IP address for the router?) as if all subnets will be directly attached to the router using VLANs (which is not the case in our network).
    We can set up the "advanced routing" option to define the other 3 internal subnets and how to route to them, etc. but will the RV320 perform NAT for the other subnets without any additional configuration?
    Can anyone shed any light on this?
    Many thanks!

    Precept,
    My name is Ismael, I am with Small Business Support Center. I'd like to start by asking: is there a particular reason that the switch is handling Layer 3 or DHCP? Normally when an RV042 is implemented you would need a Layer 3 switch, as the RV042 only supports one DHCP scope. In addition, all the RV0XX series does not support 802.1q VLAN.
    With RV320 you can set up multiple subnets under advanced routing and still allow for it to pass DHCP for all of your 4 subnets and create 802.1q VLAN subinterfaces. Setting up the RV320 in this manner can create an ease in managing the network.
    If you are considering the RV320 to do Layer 3 / DHCP simply create your 4 Vlans or subnets. Add them to the DHCP scope and enable DHCP server for all subnets. Switch would have to be configured to Layer 2 for this to work.  The link below is a knowledge portal that could assist in creating DHCP and Vlans. Hope this helps you.
    http://sbkb.cisco.com/

  • WRV200 - MULTIPLE SUBNETS

    I have basic knowledge on networking, and I'm trying to setup a wrv200 to work with my uncle’s business network.
    I’m working with multiple subnets.
    192.130.1.X
    192.130.2.X
    192.130.3.X
    192.130.4.X
    I have the internet on the 192.130.1.X
    My goal is to restrict the internet access with time ranges on the 192.130.4.X in the wireless connection, so I bought the wrv200 to be my access point, but I'm having problems with the setup. I tried to set the Internet IP to
    IP : 192.130.4.X
    Netmask: 255.255.255.0
    Gateway: 192.130.1.30 - the server with internet sharing connection win2000
    DNS: ISP provided
    But the router doesn't accept different subnets on the settings. My computer actually uses the same config and it's working well... what is wrong? Any workaround?
    Thanks for your help in advance.
    Message Edited by JM_AG on 07-24-2008 05:04 PM

    hi. same scenario here as i was playing around with my router. i dunno if this is a problem with the firmware or a possible device limitation.

  • Multiple subnets on SA520

    Hi - I am new to Cisco products. We have currently got a Netgear FVX538 running in front of a few servers. We currently have 2 ranges of IP addresses provided to us on 2 separate subnets. We configured the netgear box with the first IP addresses of each subnet as the IP address of each of the primary and secondary LANs. This then allowed us to set the gateway addresses of servers on the network to either of those 2 addresses, depending on its range.
    This all worked fine - except for the fact that the Netgear box is incredibly flakey, so we decided to get a Cisco box.
    We have gone for the SA520, which I have been trying to configure this afternoon. Unfortunately I am now having concerns as to whether it is possible to configure 2 separate subnets internally on this box in the same way we have done with the netgear box. If I am right and this is not possible, does anyone know if there is a way of achieving what we want? ie - classical routing, one incoming WAN interface with multiple subnets?
    Thanks,
    Giles

    Thanks for getting back to me Julio. I'm not sure whether this helps or not. I'll try and explain the current setup a bit better:
    (IP addresses have been changed)
    WAN IP : 31.2.3.70
    WAN SUBNET : 255.255.255.252
    Gateway : 31.2.3.69
    Primary LAN : 31.20.1.135
    Primary LAN Subnet : 255.255.255.248
    Secondary LAN : 78.92.47.165
    Secondary LAN Subnet : 255.255.255.248
    I can then configure servers on the network on the following ranges:
    31.20.1.136 - 31.20.1.140
    Gateway: 31.20.1.135
    Or
    78.92.47.166 - 78.92.47.170
    Gateway: 78.92.47.165
    I can configure the new Cisco box with one of these ranges, but as it doesn't seem to have LAN Multi-homing, I don't seem to be able to add the 2nd subnet. Is this right? Is there another way of configuring it?
    Thanks,
    Giles

  • Upnp Multicast to multiple subnets

    I am running an arch box as a router. I have gotten it working quite well, doesn't almost everything I need. One issue that I am still having problems with is upnp port forwarding from a different subnet.
    My gateway(the arch router) is 192.168.5.1
    it is running the upnp service (linux-igd) and works fine receiving requests and forwarding ports for anyone on 192.168.5.0/24
    I however have a second subnet at 192.168.2.0/28 and upnp programs on it do not successfully forward ports. I made sure I do not have filter multicast enabled on the 2nd router. I am not double NATing either, so I am not sure what's wrong.
    I made sure to add the multicast routes to my router as well (I can't add them to the 2nd router but I don't think that's the issue)
    239.0.0.0       *               255.0.0.0       U     0      0        0 lan
    224.0.0.0       *               240.0.0.0       U     0      0        0 lan
    I googled the upnp standard and it says ttl of 4 so I should be fine going only 1 subnet away.
    One thing that I attempted but couldn't figure out how to correctly set was using iptables to increase the ttl on any multicast coming out of the arch box.
    If anyone can point out or explain what I am doing wrong I would be really thankful.

    While the Mac OS X GUI admin tools don't support specifying multiple subnets, this can be done if you simply define your own exports in /etc/exports. The exports(5) man page has the details. You'll basically want to have a separate export entry for each subnet. For example, something like:
    /Volumes/data -network 10.0.1.0 -mask 255.255.255.0
    /Volumes/data -network 10.0.2.0 -mask 255.255.255.0
    /Volumes/data -network 10.0.3.0 -mask 255.255.255.0
    HTH
    --macko

  • RV042 multiple subnet

    I'm trying to set up 2 subnets with two RV042 routers. One router will act as a gateway and both WAN ports will be used by two different ISP connections. The first router (gateway) LAN IP will be 192.168.0.1/24.
    I would also like to set up another router behind the gateway with a separate subnet 192.168.1.X/24. And I would like clients on the 192.168.1.x subnet to use the internet through the gateway router and clients on the 192.168.0.x subnet to access resources on the 192.168.1.x subnet. Am I able to do this with two RV042?

    With firmware 1.x, you need not add the Allow access rule I mentioned in my previous post. But you need to add the 192.168.1.0/24 subnet to the "Multiple Subnet" list in the Setup>Network page of the first RV042 (gateway mode).
    In your configuration, the default gateway should be the WAN IP of Router 2.
    ROUTER 1 STATIC ROUTE DETAIL
    Destination IP: 192.168.30.0
    Net Mask: 255.255.255.0
    Default Gateway: 192.168.0.?
    You need not add any static route to Router 2, which knows the default gateway being 192.168.0.1/24.

  • RV016 - multiple subnets

    Hei.
    I have been trying to configure my router for routing between subnets, unfortunately with no luck.
    Here is my situation -
    I have 2 networks which need to communicate with each other, no internet involved.
    Network A:
    RV016 router with IP: 192.168.0.2
    mask: 255.255.255.0
    there are cameras, PCs, PLCs connected to this network, all with static IP addresses.
    Network B:
    no router - all machines on this network have static IP's in the range 192.168.1.xxx and are connected via unmanaged switches.
    I need one of the PCs on network A to communicate with a PLC on network B.
    I have tried to connect network B to A by connecting from a switch on network B to a LAN port on network A router and configuring the router for multiple subnets.
    I would really appreciate it if someone could give me some pointers / steps to follow to make this work - my backup plan is to use another RV016 router configured to network B IP address. But I don't have that yet.
    regards Ian.

    Hi Ian,
    You're correct the multiple subnet feature is what to use. To configure this-
    Go to the IPv4 tab and tick the enable multiple subnet box then click add/edit. On the next window type in a LAN IP address which can be anything you want... for argument sake I will say 192.168.100.1. Then type in the subnet mask, we will say 255.255.255.0. Click OK.
    Now, you'd need to configure the computers as an example such as-
    IP address 192.168.100.100
    Mask 255.255.255.0
    Gateway 192.168.100.1
    -Tom
    Please mark answered for helpful posts

  • Help With split tunneling and multiple subnets behind asa

    Hello All,
    our vpn clients can no longer access internet while connected to vpn.
    I was hoping I could get an answer on here for an issue we are having. let me explain this with as little words as possible.
    here was old network layout:
    ASA
    192.168.1.1   ---->  the rest of the internal subnet (was only subnet in network)
    now
    ASA                              3560
    192.168.254.1/24 ----->192.168.254.2/24-->192.168.1.1/24
                                                                   192.168.2.1/24
    so what we did was route from 3560 to asa  so we would be able to have multiple subnets since our asa has base license.
    Our vpn with easy connect worked with our split tunneling before, and now we made the change above and it no longer works. Can someone help me out as to why it no longer works and what changes need to be made to make it work?
    Thank you.
    ciscoasa# sh run
    : Saved
    ASA Version 8.2(2)
    hostname ciscoasa
    enable password 1N7bTm05RXLnBcUc encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.254.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    ftp mode passive
    clock timezone est -5
    same-security-traffic permit intra-interface
    access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
    access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
    access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
    access-list SplitTunnel standard permit 192.168.254.0 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool VPNPool 172.16.5.1-172.16.5.254 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NoNat
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    route inside 192.168.1.0 255.255.255.0 192.168.254.2 1
    route inside 192.168.2.0 255.255.255.0 192.168.254.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set TransformSet1 esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map DynamicMap1 1 set transform-set TransformSet1
    crypto map MainMap 999 ipsec-isakmp dynamic DynamicMap1
    crypto map MainMap interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 64.90.182.55 source outside
    webvpn
    enable outside
    svc image disk0:/anyconnect-dart-win-2.5.0217-k9.pkg 1
    svc enable
    tunnel-group-list enable
    group-policy RenotreUsers internal
    group-policy RemoteUsers internal
    group-policy RemoteUsers attributes
    vpn-tunnel-protocol svc webvpn
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SplitTunnel
    tunnel-group RemoteUsers type remote-access
    tunnel-group RemoteUsers general-attributes
    address-pool VPNPool
    default-group-policy RemoteUsers
    tunnel-group RemoteUsers webvpn-attributes
    group-alias Southeast-Security-VPN enable
    tunnel-group RemoteUsers ipsec-attributes
    pre-shared-key *****

    I think it could be your NAT statement. You should try to avoid using any unless you tunnel everything. Try making this change
    no access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
    object-group network INTERNAL_NETWORKS
    description Internal Networks
    network-object 192.168.1.0 255.255.255.0
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.254.0 255.255.255.0
    access-list NoNat extended permit ip object-group INTERNAL_NETWORKS 172.16.5.0 255.255.255.0
    You may have to re-add your NAT0
    nat (inside) 0 access-list NoNat
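A consistency check for the change suggested in the reply above, as an added example (not code from the thread or from Cisco): it reads ASA 8.2-style lines and reports a NAT-exemption ACL whose source is `any`, plus any split-tunnel network that has no inside route or is not covered by the exemption. The function and finding names are made up for this example; the sample configs are trimmed from the lines posted above.

```python
import ipaddress


def net(addr, mask):
    """Build a network from the address/netmask pair used in ASA configs."""
    return ipaddress.ip_network(f"{addr}/{mask}")


def audit(config, exempt_acl="NoNat", split_acl="SplitTunnel", inside="inside"):
    """Return a list of (finding, detail) tuples for an ASA 8.2-style config."""
    groups, exempt, split, reachable, findings = {}, [], [], [], []
    nameif = group = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            nameif = None                      # new interface block starts
        elif w[0] == "nameif":
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif == inside:
            # directly connected inside subnet
            reachable.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
        elif w[:2] == ["route", inside]:
            reachable.append(net(w[2], w[3]))  # static route via inside
        elif w[:2] == ["object-group", "network"]:
            group = w[2]
            groups[group] = []
        elif w[0] == "network-object" and group:
            groups[group].append(net(w[1], w[2]))
        elif w[0] == "access-list" and w[1] == split_acl and w[2:4] == ["standard", "permit"]:
            split.append(net(w[4], w[5]))
        elif w[0] == "access-list" and w[1] == exempt_acl and w[2:5] == ["extended", "permit", "ip"]:
            if w[5] == "any":
                findings.append(("nat-exempt-source-any", line.strip()))
                exempt.append(ipaddress.ip_network("0.0.0.0/0"))
            elif w[5] == "object-group":
                exempt.extend(groups.get(w[6], []))
            else:
                exempt.append(net(w[5], w[6]))
    for n in split:
        if not any(n.subnet_of(r) for r in reachable):
            findings.append(("split-net-no-inside-route", str(n)))
        if not any(n.subnet_of(e) for e in exempt):
            findings.append(("split-net-not-nat-exempt", str(n)))
    return findings


ANY_LINE = "access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0"

# Trimmed from the running config posted in the question.
POSTED = """\
interface Vlan1
nameif inside
ip address 192.168.254.1 255.255.255.0
interface Vlan2
nameif outside
ip address x.x.x.x 255.255.255.248
access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.254.0 255.255.255.0
route inside 192.168.1.0 255.255.255.0 192.168.254.2 1
route inside 192.168.2.0 255.255.255.0 192.168.254.2 1
"""

# The same config with the reply's object-group in place of the `any` entry.
FIXED = POSTED.replace(ANY_LINE, """\
object-group network INTERNAL_NETWORKS
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
network-object 192.168.254.0 255.255.255.0
access-list NoNat extended permit ip object-group INTERNAL_NETWORKS 172.16.5.0 255.255.255.0""")

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, audit(cfg))
```
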

  • Hyper-V - Sites and Services using multiple subnets

    Good evening,
    I'm currently setting up a test domain where I want to use multiple subnets.
    My current setup is the following
    - Host PC running Hyper-V manager with 1 physical NIC that connects to my router (192.168.0.1)
    - Virtual Machine running Windows Server 2012 R2 - This is my domain controller as well as DNS and DHCP server. IP address for this is 192.168.0.200
    Now what I'm wanting to do is also create 2 more domain controllers but 'pretend' that they are in two completely different locations running off multiple subnets. Let's say one is in America and one is in Australia.
    I want the addresses of these two machines the following
    DC (America) - 192.168.1.1
    DC (Australia) - 192.168.2.1
    The reason I'll be doing this is I'm going to be working with Sites and Services to give me a better understanding of it.
    Please can someone give me help with how I can achieve this.
    Thanks.

    One way to do this is to:
    Setup 1 internal vSwitch. We'll use a different VLAN and subnet for each AD Site. For example, you can use VLAN 101, 102, and 103, and subnets 192.168.101.0/24, 192.168.102.0/24, and 192.168.103.0/24. This consistency will be very helpful later on. 
    Create a VM to act as a router, with 3 vNICs. Configure each of the 3 vNICs on a different VLAN, with a static IP on the corresponding subnet, such as 192.168.101.5, 192.168.102.5, and 192.168.103.5. Setup static routing rules if needed using Route Add for example.
    Create 3 DCs. Each DC will have a single vNIC. It can be in its own domain and forest. For example, DC101 will have a vNIC on VLAN 101, with IP 192.168.101.10/24, GW 192.168.101.5. Setup DNS on each DC.
    Setup DHCP on each DC with a scope that corresponds to its subnet. For example, on DC101 setup a scope that provides IPs from 192.168.101.100 to .150, with /24 mask, .5 gateway, and .10 DNS.
    As you add other VMs, if you VLAN-tag its vNIC with VLAN ID 101, it will get IP address from DC101 on the 192.168.101.0/24 subnet since DHCP ARP broadcasts will not cross the router (VM we setup earlier) by default. 
    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)
    Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

  • Multiple subnets / NSX Question

    Hi guys
    Need a little bit of advice please. I've inherited a collection of tiny server rooms, around 250 physical Windows 2003 servers, spread over several buildings. Almost each rack has its own subnet. I've told management that they need to invest more in their network and a fully equipped server room / data center, however it falls on deaf ears! Ideally I just want to invest in a small cluster with a SAN array in a single location and P2V all those VMs, however I need a little bit of advice on how to approach the subnet issue.
    I've had a very quick look at NSX and it seems to tick all the right boxes, is there something else I should be looking at or is something like NSX the way forward?
    Many thanks

    Sorry if there were some holes in my explanation.  I'm not a network guy so my knowledge on this is limited. 
    The end goal is to have all the physical servers (200+) running in many different rooms on multiple subnets, P2V'd onto a single cluster in a new location somewhere else in the building. I don't know exactly why each rack has its own subnet, maybe it's a legacy thing. I asked the network team if they can present all those subnets to the new cluster but they said it can't be done due to the way the network is configured (no other explanation).
    Whilst I can ping the old physical servers from the new cluster I can't host any of the P2V's there as it's not picking up the old subnets, does that make sense?
    Regards
    Pete

  • NAT 8.6 multiple subnets in a single static NAT

    Hello all, I have this question, probably a pretty easy one to answer, but unfortunately I can't test it myself in a production environment right now.
    Do you know if it is possible to have in ASA 8.6 a Static NAT rule with multiple subnets in both object groups? I currently have one to one subnet translation, but I need to add another two subnets.
    Today's configuration is this
    *** FROM ONE SUBNET TO ANOTHER ***
    object-group network REGIONAL-SOURCE
    network-object 10.1.1.0 255.255.255.0
    object-group network REGIONAL-NAT
    network-object 10.1.201.0 255.255.255.0
    nat (Outside,Inside) after-auto source static REGIONAL-SOURCE REGIONAL-NAT dns
    What I need to accomplish is to add two new subnets, but I want to see if it is possible to do it using the same NAT rule, just adding the 2 new subnets.
    10.1.2.0/24 natted to 10.1.202.0 255.255.255.0
    10.1.3.0/24 natted to 10.1.203.0 255.255.255.0
    *** TWO MORE SUBNETS ARE NEEDED ***
    object-group network REGIONAL-SOURCE
    network-object 10.1.2.0 255.255.255.0
    network-object 10.1.3.0 255.255.255.0
    object-group network REGIONAL-NAT
    network-object 10.1.202.0 255.255.255.0
    network-object 10.1.203.0 255.255.255.0
    If this is not possible I understand separate objects should be created with individual nat, I appreciate your comments and help.

    Hi,
    This should be no problem. It should work as you have thought.
    I tested the configurations on my own ASA
    object-group network REGIONAL-SOURCE
    network-object 10.1.1.0 255.255.255.0
    network-object 10.1.2.0 255.255.255.0
    network-object 10.1.3.0 255.255.255.0
    object-group network REGIONAL-NAT
    network-object 10.1.201.0 255.255.255.0
    network-object 10.1.202.0 255.255.255.0
    network-object 10.1.203.0 255.255.255.0
    nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
    Here are the results of the "packet-tracer" to show the translations
    ASA(config)# packet-tracer input LAN tcp 10.1.1.100 12345 7.7.7.7 80
    Phase: 4
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
    Additional Information:
    Static translate 10.1.1.100/12345 to 10.1.201.100/12345
    ASA(config)# packet-tracer input LAN tcp 10.1.2.100 12345 7.7.7.7 80
    Phase: 4
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
    Additional Information:
    Static translate 10.1.2.100/12345 to 10.1.202.100/12345
    ASA(config)# packet-tracer input LAN tcp 10.1.3.100 12345 7.7.7.7 80
    Phase: 4
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
    Additional Information:
    Static translate 10.1.3.100/12345 to 10.1.203.100/12345
    As you can see, everything is fine
    Naturally take into consideration the fact that if you were to (for some reason) remove a "network-object" statement from some "object-group" then the operation of the "nat" would change even if you entered the removed "network-object" back. (unless you removed the last "network-object" inside the "object-group") This is because the order of the "network-object" inside the "object-group" would change. You would essentially have to recreate the "object-group" and "nat" configuration.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni
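The ordering caveat in the reply above, as an added example rather than ASA code: a simplified model that pairs the Nth `network-object` of each group, as the packet-tracer output shows, and assumes a re-entered `network-object` lands at the end of its group. The function names are hypothetical; the subnets are the ones from the thread.

```python
import ipaddress

# Object-groups as configured in the reply, in entry order.
REAL = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
MAPPED = ["10.1.201.0/24", "10.1.202.0/24", "10.1.203.0/24"]
# The translation table the administrator actually wants.
INTENDED = dict(zip(REAL, MAPPED))


def translate(addr, real_group, mapped_group):
    """Pair entries by position and keep the host offset inside the subnet."""
    ip = ipaddress.ip_address(addr)
    for real, mapped in zip(real_group, mapped_group):
        real_net = ipaddress.ip_network(real)
        mapped_net = ipaddress.ip_network(mapped)
        if ip in real_net:
            if real_net.num_addresses != mapped_net.num_addresses:
                raise ValueError(f"{real} and {mapped} differ in size")
            offset = int(ip) - int(real_net.network_address)
            return str(mapped_net.network_address + offset)
    return None  # no entry matched, so this rule does not translate addr


def remove_and_readd(group, entry):
    """Assumed effect of 'no network-object X' followed by 'network-object X':
    the entry leaves its slot and is appended at the end of the group."""
    return [e for e in group if e != entry] + [entry]


def pairing_drift(real_group, mapped_group, intended):
    """Return (real, paired_with, intended) for every position whose pairing
    no longer matches the intended table."""
    return [
        (real, mapped, intended.get(real))
        for real, mapped in zip(real_group, mapped_group)
        if intended.get(real) != mapped
    ]


if __name__ == "__main__":
    print("as configured:", translate("10.1.3.100", REAL, MAPPED))
    edited = remove_and_readd(REAL, "10.1.2.0/24")
    print("after remove/re-add of 10.1.2.0/24:", translate("10.1.3.100", edited, MAPPED))
    for real, got, wanted in pairing_drift(edited, MAPPED, INTENDED):
        print(f"drift: {real} now pairs with {got}, intended {wanted}")
```

Running `pairing_drift` against a saved intended table after any object-group edit catches the silent re-pairing before traffic reaches the wrong translated subnet.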

  • Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

    Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

    David,
    We've used Resonate (software) to load balance the gateways. It allows
    you to group all the gateways under 1 virtual URL and load balance the
    incoming connections over each gateway depending on the rules that you
    define in Resonate. Look in the SUN portal whitepapers there is one that
    talks about it specifically.
    As far as load balancing the calls to the portals, the gateways will
    automatically load balance across all the portals that they know about
    using a simple round-robin rotation. You may be able to use Resonate in
    front of the portals but you may need to activate persistance within
    Resonate to ensure that the user always ends up on the portal that he
    established his initial connection on (if you want that), check with Sun
    on this one.
    David Broeren wrote:
    Recommended configuration for load balanced Portal with load balancer,
    multiple gateways and multiple servers.
    Does anyone have a recommended network, hardware and software
    configuration guide for a Portal installation running with multiple
    gateways load balanced (ie one URL) that talk to multiple servers?

  • RV320 with NAT source from multiple subnets

    Hello,
    I want to buy a router that will do NAT for multiple subnets, such as in the following configuration from Cisco IOS:
    interface FastEthernet0/0
     ip address 172.16.1.1/12
     ip nat inside
    interface FastEthernet0/1
     ip address a.b.c.d/29
     ip nat outside
    ip nat pool dsl-pool a.b.c.e a.b.c.f prefix-length 29
    ip nat inside source list 20 pool dsl-pool overload
    access-list 20 permit 172.16.1.64 0.0.0.63
    access-list 20 permit 172.16.21.0 0.0.0.255
    Is it possible on a Cisco RV320 device?
    Regards.
    Krzysztof

  • Multiple subnets possible?

    All,
    I'm using my access point as a dhcp server in a test environment. Is it possible to have multiple subnets configured like a router-on-a-stick configuration?
    Thanks!
    John

    The AP can only support one DHCP scope, and only on the Native VLAN (i.e., untagged).
    There's only so much processor. Dumping a bunch of services on the AP is generally a bad idea. Ultimately it'll affect your performance & user counts.
    Good Luck
    Scott

  • Multiple subnets under one vlan

    Hi everyone,
    Is there any way to create multiple subnets under one VLAN? Right now, I am using VLAN 110 and its IP is 172.16.0.1/16.
    We have three types of devices on this VLAN. I want to create 3 or 4 subnets for those devices under this VLAN for reducing the traffic or broadcast?
    Please advise me.....
    Thanks in advance

    Mohammed,
    As long as you have a single VLAN only, you will not reduce the amount of broadcasts in this VLAN by using several IP networks. Even if the stations are in different IP networks within a single VLAN, every broadcast will be sent across the entire VLAN to all stations, regardless of their configured IP address. Broadcasting is a matter of Data Link Layer, or Layer2, and if you keep a single Layer2 domain (the VLAN), you will keep a single, merged, large broadcast domain.
    Just to answer your question, you could assign multiple addresses to an interface in a single network/VLAN by using secondary IP addresses, for example:
    interface Vlan110
    ip address 172.16.0.1 255.255.0.0
    ip address 192.168.1.1 255.255.255.0 secondary
    ip address 10.20.30.1 255.255.255.0 secondary
    However, as I explained, this will only allow you to "stretch" multiple IP networks over a single broadcast domain so there is no saving in terms of broadcasts or traffic reduction. For that, you must resort to multiple VLANs.
    Best regards,
    Peter
