Cisco Systems PAT/NAT ACL configuration question

Subject Author Date
PAT/NAT ACL configuration question pbass83 05-06-08
Posted by pbass83 on May 6, 2008, 11:23 am
Hi everyone,
I set up a PAT overload on a 2611 router to allow some workstations
internet access. I also want to set up a static NAT for a web/ftp
server. Is it possible to do both simultaneously without opening up
everything?
pete

Posted by News Reader on May 6, 2008, 7:39 pm
pbass83 wrote:
> Hi everyone,
> I set up a PAT overload on a 2611 router to allow some workstations
> internet access. I also want to set up a static NAT for a web/ftp
> server. Is it possible to do both simultaneously without opening up
> everything?
> pete

Absolutely.

The following is not a complete configuration; just some ACLs:

ip access-list extended nat-src
 remark --- Inside source addresses dynamically translated via PAT overload.
 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list nat-src interface Ethernet1 overload

ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80

Typically, you'd use an ACL on the inside interface to address outbound
traffic, with inspection to facilitate the return path.

Likewise, you'd use an ACL on the outside interface to address inbound
traffic (i.e.: to your server), with inspection to facilitate the return
path.

Best Regards,
News Reader
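
The interface ACLs and inspection rules described in the reply above, sketched as an added example that is not part of the original post. Assumptions: Ethernet0 is the inside interface, 203.0.113.10 is a placeholder for the address on Ethernet1, the names inside-in, outside-in, fw-out and fw-in are made up for illustration, and the IOS image includes the firewall (CBAC) feature set.

```cisco
! Added example, not from the original post. Assumed: Ethernet0 is the
! inside interface, 203.0.113.10 stands in for Ethernet1's address, and
! the image supports "ip inspect" (CBAC).
!
! Inspection rules: fw-out tracks sessions started from inside,
! fw-in tracks sessions started from outside toward the server.
ip inspect name fw-out tcp
ip inspect name fw-out udp
ip inspect name fw-out ftp
ip inspect name fw-in tcp
ip inspect name fw-in ftp
!
ip access-list extended inside-in
 remark --- Outbound: only the inside LAN may originate traffic.
 permit ip 192.168.1.0 0.0.0.255 any
 deny ip any any log
!
! An inbound ACL on the outside interface is evaluated before NAT,
! so the destination is the public address, not 192.168.1.50.
ip access-list extended outside-in
 remark --- Inbound: only the published FTP and HTTP ports are reachable.
 permit tcp any host 203.0.113.10 eq ftp
 permit tcp any host 203.0.113.10 eq www
 deny ip any any log
!
interface Ethernet0
 ip nat inside
 ip access-group inside-in in
 ip inspect fw-out in
!
interface Ethernet1
 ip nat outside
 ip access-group outside-in in
 ip inspect fw-in in
```

If the address on Ethernet1 is assigned dynamically, the two permit lines in outside-in would need `any` as the destination instead of a fixed host; the port restriction still applies.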

Posted by pbass83 on May 16, 2008, 8:36 pm
> pbass83 wrote:
> > Hi everyone,
> > I set up a PAT overload on a 2611 router to allow some workstations
> > internet access. I also want to set up a static NAT for a web/ftp
> > server. Is it possible to do both simultaneously without opening up
> > everything?
> > pete
>
> Absolutely.
>
> The following is not a complete configuration; just some ACLs:
>
> ip access-list extended nat-src
>  remark --- Inside source addresses dynamically translated via PAT overload.
>  permit ip 192.168.1.0 0.0.0.255 any
>
> ip nat inside source list nat-src interface Ethernet1 overload
>
> ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
> ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80
>
> Typically, you'd use an ACL on the inside interface to address outbound
> traffic, with inspection to facilitate the return path.
>
> Likewise, you'd use an ACL on the outside interface to address inbound
> traffic (i.e.: to your server), with inspection to facilitate the return
> path.
>
> Best Regards,
> News Reader

News Reader,
Thanks very much for the advice. I

pete
