On May 6, 7:39 pm, News Reader <u...@domain.null> wrote:
> pbass83 wrote:
> > Hi everyone,
> > I setup a PAT overload on a 2611 router to allow some workstations
> > internet access. I also want to setup a static NAT for a web/ftp
> > server. Is it possible to do both simultaneously without opening up
> > everything?
> > pete
>
> Absolutely.
>
> The following is not a complete configuration; just some ACLs:
>
> ip access-list extended nat-src
> remark --- Inside source addresses dynamically translated via PAT
> overload.
> permit ip 192.168.1.0 0.0.0.255 any
>
> ip nat inside source list nat-src interface Ethernet1 overload
>
> ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
> ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80
>
> Typically, you'd use an ACL on the inside interface to address outbound
> traffic, with inspection to facilitate the return path.
>
> Likewise, you'd use an ACL on the outside interface to address inbound
> traffic (i.e.: to your server), with inspection to facilitate the return
> path.
>
> Best Regards,
> News Reader
News Reader,
Thanks very much for the advice. I
pete
|
Similar Threads
