Hi everyone, I setup a PAT overload on a 2611 router to allow some workstations internet access. I also want to setup a static NAT for a web/ftp server. Is it possible to do both simultaneously without opening up everything? pete
Absolutely.
The following is not a complete configuration; just some ACLs:
ip access-list extended nat-src remark --- Inside source addresses dynamically translated via PAT overload. permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list nat-src interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21 ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80
Typically, you'd use an ACL on the inside interface to address outbound traffic, with inspection to facilitate the return path.
Likewise, you'd use an ACL on the outside interface to address inbound traffic (i.e.: to your server), with inspection to facilitate the return path.
Best Regards, News Reader
News Reader, Thanks very much for the advice. I
pete
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.