12-11-2014 03:59 PM - edited 03-05-2019 12:20 AM
How do I do this in a Cisco Integrated Services Router?
global (outside) 2 192.168.96.48 netmask 255.255.255.255
nat (inside) 2 access-list nat_vpn
Solved! Go to Solution.
12-11-2014 05:19 PM
Difficult to be precise without knowing the nat_vpn acl but -
on the "inside" interface of the ISR -
int gi0/0
ip nat inside
on the "outside" interface of the ISR -
int gi0/1
ip nat outside
then define your acl -
access-list 101 permit ..... (whatever you want to permit. You can use a named acl if you like)
and then
ip nat inside source list 101 interface gi0/1 overload
Jon
12-11-2014 05:19 PM
Difficult to be precise without knowing the nat_vpn acl but -
on the "inside" interface of the ISR -
int gi0/0
ip nat inside
on the "outside" interface of the ISR -
int gi0/1
ip nat outside
then define your acl -
access-list 101 permit ..... (whatever you want to permit. You can use a named acl if you like)
and then
ip nat inside source list 101 interface gi0/1 overload
Jon
12-11-2014 06:11 PM
It just occurred that the 192.168.96.48 probably isn't the IP on the outside interface ?
If it isn't then you need to modify the configuration I posted. So you still need the NAT statements on the interfaces and you still need the acl.
You also need a NAT pool ie.
ip nat pool <name> 192.168.96.48 192.168.96.48 netmask 255.255.255.252 - <name> can be anything you like.
then you need to modify the NAT statement ie. -
ip nat inside source list 101 pool <name> overload
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide