Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
2
Replies

A question about nat configuration

Go to solution
manuel.dennis
Level 1
Level 1

‎12-08-2010 06:31 AM - edited ‎03-11-2019 12:20 PM

I've been digging around in the IOS 12.4 on-line documentation and finding just enough information to make me ask more questions, that I can't find answers for.  Any help is greatly appreciated.

I have a system with one external interface and many internal network interfaces.  For security we are looking at using RFC 1918 IP addresses for the internal networks and implementing nat for external routing.

Also for security reasons we need to ensure that only traffic for each specific subnet can route through its internal interface, both into and out of the router.  To me, it appears that we will need a separate access-list for each interface, is this correct?

We also have security mandates that require the use of the "IP access-list extended" format.  is that format compatible with nat?

Can an IP nat pool support more than one IP source list (access-list) or do we need one pool for each list?  Can the IOS even support more than one pool?  If so, is there a limit to the number of pools that are supported?

Another issue is that we will have some applications that require the end unit to have a routable IP address.  They will have their one dedicated internal interface, but everything shares the same external interface.  Can one external interface support both?

Manuel Dennis

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-08-2010 07:22 AM

Hi,

A specific ACL applied to each interface.
IP access-list extended is the recommended way to go fully compatible with NAT.
Recommended configuration one pool for each ACL.
IOS can support many pools.
You can have a mix of public/private addresses.

If you need clarification in something please let us know.

Federico.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-08-2010 07:22 AM

Hi,

A specific ACL applied to each interface.
IP access-list extended is the recommended way to go fully compatible with NAT.
Recommended configuration one pool for each ACL.
IOS can support many pools.
You can have a mix of public/private addresses.

If you need clarification in something please let us know.

Federico.

0 Helpful

Go to solution
manuel.dennis
Level 1
Level 1
In response to Federico Coto Fajardo

‎12-08-2010 07:31 AM

The examples in the on-line documentation were somewhat limited. Your information is very helpful.  Thank you.

Manuel Dennis

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card