From: News Reader on
pbass83 wrote:
> Hi everyone,
> I set up a PAT overload on a 2611 router to allow some workstations
> internet access. I also want to set up a static NAT for a web/ftp
> server. Is it possible to do both simultaneously without opening up
> everything?
> pete

Absolutely.

The following is not a complete configuration; just some ACLs:

ip access-list extended nat-src
 remark --- Inside source addresses dynamically translated via PAT overload.
 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list nat-src interface Ethernet1 overload

ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80

Typically, you'd use an ACL on the inside interface to address outbound
traffic, with inspection to facilitate the return path.

Likewise, you'd use an ACL on the outside interface to address inbound
traffic (i.e.: to your server), with inspection to facilitate the return
path.

Best Regards,
News Reader
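
The interface ACLs and inspection described in the reply above could be laid out as follows. This is an added example, not part of the original post. It assumes Ethernet0 is the inside interface and that the IOS image includes the firewall (CBAC) feature set; the names fw-out, fw-in, inside-out and outside-in are hypothetical.

```cisco
! Added example (not from the original post).
! Assumptions: Ethernet0 = inside, Ethernet1 = outside (as in the NAT lines),
! IOS Firewall (CBAC) feature set present. All names below are hypothetical.
!
! Inspection for sessions the workstations start (opens the return path).
ip inspect name fw-out tcp
ip inspect name fw-out udp
ip inspect name fw-out ftp
!
! Inspection for inbound FTP to the server, so its data channels are
! opened dynamically instead of by a wide static permit.
ip inspect name fw-in ftp
!
ip access-list extended inside-out
 remark --- Outbound traffic from the inside LAN only.
 permit ip 192.168.1.0 0.0.0.255 any
 deny ip any any log
!
ip access-list extended outside-in
 remark --- Inbound: only the two statically translated services.
 remark --- Checked before NAT, so the destination is the Ethernet1 address.
 remark --- Replace the destination "any" with "host <outside address>" if it is fixed.
 permit tcp any any eq ftp
 permit tcp any any eq www
 deny ip any any log
!
interface Ethernet0
 ip nat inside
 ip access-group inside-out in
 ip inspect fw-out in
!
interface Ethernet1
 ip nat outside
 ip access-group outside-in in
 ip inspect fw-in in
```

If Ethernet1 gets its address by DHCP, the outside ACL also needs a permit for the DHCP replies, which this example leaves out.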