cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

internet acl

davec4351
Beginner
Beginner

Hello,

 

I have a router configured on my lan, the source interface is gi0/0/0 and ip is obtained with via dhcp. My question is can I configure an acl without specifying the wan interface ip since the dhcp address changes every so often? 

 

Here is a snip from my configuration to allow the internet for example of source wan interface

int gi0/0/0 

ip nat outside 

ip access-group 100 in 

,,,,

 

(access-list 100)

permit ip 96.255.180.0 0.0.0.255 any log     <---Can I create an acl without specifying the source wan network for internet access? 

3 REPLIES 3

Flavio Miranda
Advisor
Advisor

You do can configure this way.

 On the wan interface

Ip nat outside

On the LAN interface 

Ip nat inside

For nat statement

Ip nat inside source  list 1 interface int gi0/0/0 overload

Ip access list standard 1 permit ip "local network"

 

"<---Can I create an acl without specifying the source wan network for internet access?"

 

The wan interface is not specified on the ACL. The local network is. Unless you are doing NAT from outside to inside. 

paul driver
VIP Expert VIP Expert
VIP Expert

Hello

Your current acl isn’t really doing any thing as its the only public ip address that is routable as i am assuming your internal lan subnets are all private RFC addressing and require NAT to access the internet.

 

As for specifying a source ip i would say it all depends on what you are trying to achieve with that acl - can you elaborate please?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

balaji.bandi
VIP Guru VIP Guru
VIP Guru
(access-list 100)

permit ip 96.255.180.0 0.0.0.255 any log     <---Can I create an acl without specifying the source wan network for internet access? 

Hope this IP address is allocated from ISP to you, what is your LAN IP address ? Are you looking to NAT from inside to outside for Lan traffic to reach the internet right? so that ACL should be an Internal LAN address Translating to Public Routable IP or ISP-provided IP.

 

Hope that is what your intention here right ? or you looking outside to inside traffic ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: