Solved: Edit - is the 192.168.96.48

nelson-rick · ‎12-11-2014

How do I do this in a Cisco Integrated Services Router?

global (outside) 2 192.168.96.48 netmask 255.255.255.255
nat (inside) 2 access-list nat_vpn

Jon Marshall · ‎12-11-2014

Difficult to be precise without knowing the nat_vpn acl but -

on the "inside" interface of the ISR -

int gi0/0

ip nat inside

on the "outside" interface of the ISR -

int gi0/1

ip nat outside

then define your acl -

access-list 101 permit ..... (whatever you want to permit. You can use a named acl if you like)

and then

ip nat inside source list 101 interface gi0/1 overload

Jon

Jon Marshall · ‎12-11-2014

Difficult to be precise without knowing the nat_vpn acl but -

on the "inside" interface of the ISR -

int gi0/0

ip nat inside

on the "outside" interface of the ISR -

int gi0/1

ip nat outside

then define your acl -

access-list 101 permit ..... (whatever you want to permit. You can use a named acl if you like)

and then

ip nat inside source list 101 interface gi0/1 overload

Jon

Jon Marshall · ‎12-11-2014

It just occurred that the 192.168.96.48 probably isn't the IP on the outside interface ?

If it isn't then you need to modify the configuration I posted. So you still need the NAT statements on the interfaces and you still need the acl.

You also need a NAT pool ie.

ip nat pool <name> 192.168.96.48 192.168.96.48 netmask 255.255.255.252 - <name> can be anything you like.

then you need to modify the NAT statement ie. -

ip nat inside source list 101 pool <name> overload

Jon

Global NAT Command in ASA, how do I do it on Cisco ISR