Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
3
Replies

internet acl

davec4351
Level 1
Level 1

‎06-16-2022 04:27 PM

Hello,

 

I have a router configured on my lan, the source interface is gi0/0/0 and ip is obtained with via dhcp. My question is can I configure an acl without specifying the wan interface ip since the dhcp address changes every so often? 

 

Here is a snip from my configuration to allow the internet for example of source wan interface

int gi0/0/0 

ip nat outside 

ip access-group 100 in 

,,,,

 

(access-list 100)

permit ip 96.255.180.0 0.0.0.255 any log     <---Can I create an acl without specifying the source wan network for internet access? 

Labels:
0 Helpful
3 Replies 3

Flavio Miranda
VIP
VIP

‎06-16-2022 06:24 PM - edited ‎06-16-2022 06:32 PM

You do can configure this way.

 On the wan interface

Ip nat outside

On the LAN interface 

Ip nat inside

For nat statement

Ip nat inside source  list 1 interface int gi0/0/0 overload

Ip access list standard 1 permit ip "local network"

 

"<---Can I create an acl without specifying the source wan network for internet access?"

 

The wan interface is not specified on the ACL. The local network is. Unless you are doing NAT from outside to inside. 

0 Helpful

paul driver
VIP
VIP

‎06-16-2022 11:33 PM

Hello

Your current acl isn’t really doing any thing as its the only public ip address that is routable as i am assuming your internal lan subnets are all private RFC addressing and require NAT to access the internet.

 

As for specifying a source ip i would say it all depends on what you are trying to achieve with that acl - can you elaborate please?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎06-17-2022 12:04 AM 

(access-list 100)

permit ip 96.255.180.0 0.0.0.255 any log     <---Can I create an acl without specifying the source wan network for internet access?

Hope this IP address is allocated from ISP to you, what is your LAN IP address ? Are you looking to NAT from inside to outside for Lan traffic to reach the internet right? so that ACL should be an Internal LAN address Translating to Public Routable IP or ISP-provided IP.

 

Hope that is what your intention here right ? or you looking outside to inside traffic ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card