PAT/NAT ACL configuration question

Discussion in 'Cisco' started by pbass83, May 6, 2008.

  1. pbass83

    pbass83 Guest

    Hi everyone,
    I set up a PAT overload on a 2611 router to allow some workstations
    internet access. I also want to set up a static NAT for a web/ftp
    server. Is it possible to do both simultaneously without opening up
    everything?
    pete
     
    pbass83, May 6, 2008
    #1

  2. News Reader

    News Reader Guest

    pbass83 wrote:
    > Hi everyone,
    > I set up a PAT overload on a 2611 router to allow some workstations
    > internet access. I also want to set up a static NAT for a web/ftp
    > server. Is it possible to do both simultaneously without opening up
    > everything?
    > pete


    Absolutely.

    The following is not a complete configuration; just some ACLs:

    ip access-list extended nat-src
     remark --- Inside source addresses dynamically translated via PAT overload.
     permit ip 192.168.1.0 0.0.0.255 any

    ip nat inside source list nat-src interface Ethernet1 overload

    ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
    ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80

    Typically, you'd use an ACL on the inside interface to address outbound
    traffic, with inspection to facilitate the return path.

    Likewise, you'd use an ACL on the outside interface to address inbound
    traffic (i.e.: to your server), with inspection to facilitate the return
    path.

    Best Regards,
    News Reader
     
    News Reader, May 7, 2008
    #2
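
One way to turn the ACL-plus-inspection advice above into interface configuration, added here as an example and not taken from News Reader's post. Assumptions: the inside interface is Ethernet0, the outside address is the placeholder 203.0.113.10, the ACL and inspection names are made up, and the IOS image includes the firewall (CBAC) feature set.

```cisco
! Added example. Names fw-out, inside-out and outside-in are hypothetical.
! 203.0.113.10 is a documentation placeholder for the address on Ethernet1.
!
! Stateful inspection: sessions leaving Ethernet1 get temporary return
! openings in the inbound ACL on that interface.
ip inspect name fw-out tcp
ip inspect name fw-out udp
ip inspect name fw-out ftp
!
! Outbound policy on the inside interface: only the local subnet may
! source traffic; anything else is dropped and logged.
ip access-list extended inside-out
 remark --- Inside hosts allowed out (translated by the PAT overload rule)
 permit ip 192.168.1.0 0.0.0.255 any
 deny   ip any any log
!
! Inbound policy on the outside interface: only the two statically
! translated services are reachable; everything else is dropped and logged.
ip access-list extended outside-in
 remark --- Published services only (static NAT to 192.168.1.50)
 permit tcp any host 203.0.113.10 eq www
 permit tcp any host 203.0.113.10 eq ftp
 deny   ip any any log
!
interface Ethernet0
 description Inside LAN (interface name assumed)
 ip nat inside
 ip access-group inside-out in
!
interface Ethernet1
 description Outside / Internet
 ip nat outside
 ip access-group outside-in in
 ip inspect fw-out out
```

On classic IOS the inbound ACL on the outside interface is evaluated before NAT translates the destination, which is why the permit lines name the public address rather than 192.168.1.50.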

  3. pbass83

    pbass83 Guest

    On May 6, 7:39 pm, News Reader <> wrote:
    > pbass83 wrote:
    > > Hi everyone,
    > > I set up a PAT overload on a 2611 router to allow some workstations
    > > internet access. I also want to set up a static NAT for a web/ftp
    > > server. Is it possible to do both simultaneously without opening up
    > > everything?
    > > pete

    >
    > Absolutely.
    >
    > The following is not a complete configuration; just some ACLs:
    >
    > ip access-list extended nat-src
    >  remark --- Inside source addresses dynamically translated via PAT overload.
    >  permit ip 192.168.1.0 0.0.0.255 any
    >
    > ip nat inside source list nat-src interface Ethernet1 overload
    >
    > ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
    > ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80
    >
    > Typically, you'd use an ACL on the inside interface to address outbound
    > traffic, with inspection to facilitate the return path.
    >
    > Likewise, you'd use an ACL on the outside interface to address inbound
    > traffic (i.e.: to your server), with inspection to facilitate the return
    > path.
    >
    > Best Regards,
    > News Reader


    News Reader,
    Thanks very much for the advice. I

    pete
     
    pbass83, May 17, 2008
    #3