PAT/NAT ACL configuration question

Discussion in 'Cisco' started by pbass83, May 6, 2008.

  1. pbass83

    pbass83 Guest

    Hi everyone,
    I setup a PAT overload on a 2611 router to allow some workstations
    internet access. I also want to setup a static NAT for a web/ftp
    server. Is it possible to do both simultaneously without opening up
    everything?
    pete
     
    pbass83, May 6, 2008
    #1
    1. Advertisements

  2. pbass83

    News Reader Guest

    Absolutely.

    The following is not a complete configuration; just some ACLs:

    ip access-list extended nat-src
    remark --- Inside source addresses dynamically translated via PAT
    overload.
    permit ip 192.168.1.0 0.0.0.255 any

    ip nat inside source list nat-src interface Ethernet1 overload

    ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
    ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80

    Typically, you'd use an ACL on the inside interface to address outbound
    traffic, with inspection to facilitate the return path.

    Likewise, you'd use an ACL on the outside interface to address inbound
    traffic (i.e.: to your server), with inspection to facilitate the return
    path.

    Best Regards,
    News Reader
     
    News Reader, May 7, 2008
    #2
    1. Advertisements

  3. pbass83

    pbass83 Guest

    News Reader,
    Thanks very much for the advice. I

    pete
     
    pbass83, May 17, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.