Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
5
Replies

NAT with ACL

bghobadi2
Level 1
Level 1

‎02-25-2005 12:33 PM - edited ‎03-02-2019 09:53 PM

Hello all.

I have the following ACL defined and applied:

interface FastEthernet0/0.3

encapsulation dot1Q 3

ip address 10.250.16.2 255.255.255.128

no ip redirects

ip accounting output-packets

standby 3 ip 10.250.16.1

standby 3 priority 110

standby 3 preempt

standby 3 track Serial0/0 20

access-list 150 remark Client Segment Security

access-list 150 permit tcp 10.250.16.0 0.0.0.127 host 10.0.1.250 eq telnet

access-list 150 permit udp any host 224.0.0.2 eq 1985

access-list 150 permit tcp any any eq domain

access-list 150 permit icmp any any

I need to NAT the traffic to 10.0.1.250 to 10.200.25.25

1. What should be my NAT statement look like?

2. Where should I apply it, on sub-interface or main interface?

3. If the NAT statement will work with the ACL/

Thank you all in advance.

Bo

Labels:
0 Helpful
5 Replies 5

tekha
Level 3
Level 3

‎02-25-2005 01:05 PM

Your second question is easy to answer, the sub-interface.

To answer your first question, I need a little more info.

Do you want to NAT 10.0.1.250 to 10.200.25.25, or do you mean all the 10.250.16.0/25 hosts should be NAT'tet to 10.200.25.25?

With the third question, well I'm not sure what asking.

What interface is the host 10.0.1.250 known via?

You userly allways have at least 2 interfaces when doing NAT, could you post the second interface?

0 Helpful

bghobadi2
Level 1
Level 1
In response to tekha

‎02-28-2005 07:30 AM

Hi Teddy.

1. I want to NAT all the traffic from 10.250.16.0 /25 to 10.0.1.250.

2.The 10.0.1.250 is reachable via serial 0/0.10

interface Serial0/0.100 point-to-point

ip address 192.168.16.78 255.255.255.252

My bigger concern is getting NAT to work with my ACL.

Thanks

Bo

0 Helpful

tekha
Level 3
Level 3
In response to bghobadi2

‎02-28-2005 09:23 AM

interface Loopback666

ip addresse 10.200.25.25 255.255.255.255

!

interface Serial0/0.100 point-to-point

ip address 192.168.16.78 255.255.255.252

ip nat outside

!

interface FastEthernet0/0.3

encapsulation dot1Q 3

ip address 10.250.16.2 255.255.255.128

ip nat inside

!

ip nat inside source list 105 interface loopback 666 overload

!

access-list 105 permit ip 10.250.16.0 0.0.0.127 host 10.0.1.250

0 Helpful

bghobadi2
Level 1
Level 1
In response to tekha

‎02-28-2005 10:07 AM

Teddy.

Thanks a lot.

You have a nice day.

Bo

0 Helpful

tekha
Level 3
Level 3
In response to bghobadi2

‎02-28-2005 10:32 AM

Evening. It's 7.30 PM in Denmark.

And you are welcome.

0 Helpful
Customers Also Viewed These Support Documents