How do I allow an external host to connect to an internal networ

Scott Farwell · ‎06-21-2012

I need to allow host A from the internet access to a 10.10.10.xx internal network but keep it from connecting to other internal networks.

Does this do the trick:

interface eth0

ip access-list 196 in

ip access-list 196 permit ip host (host A ip address ) ip 10.10.10.0 0.0.0.255

Alcides Miguel · ‎06-21-2012

Hi Joe,

You must to have nat in place 'couse this address is not routable in Internet. After that you will need to map the outside address to inside address.

best regards,

Alcides

Scott Farwell · ‎06-21-2012

Hi Alcides,

Host A IP address is an Internet routable address.

Joe

Richard Burts · ‎06-21-2012

Joe

The point that Alcides is making is that if host A is in the Internet and wants to access your internal network that there needs to be address translation in place to make your internal network accessible from the Internet. Note that what is frequently done to translate internal addresses using the interface address with overload works fine to allow inside hosts to get out and for response traffic to get back in. But it does not work for traffic originated from the Internet to inside networks. So you would need additional address translation.

Also I would point out that the access list that you suggest in your original post would allow that specific Internet host to access your network but it does not permit anything else. You should give some thought to what other traffic would need to be permitted in through this interface.

HTH

Rick

HTH

Rick

How do I allow an external host to connect to an internal network through a cisco 2851?