Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
960
Views
0
Helpful
0
Replies

NAT vs ACL

bellaireroad
Level 1
Level 1

‎03-24-2012 03:09 PM - edited ‎03-04-2019 03:47 PM

Hello.

I am setting up a Barracuda VPN.  Please take a look at the requirements and my config.   Is this the best way to handle this task?  Thanks

These are the ports on the appliance that need access.  It also states the GRE (IP protocol 47) In/Out direction must be allowed for PPTP to function.

Capture.JPG

I used static NAT configuration to enable this...here is a screen shot of the CCP

Capture2.JPG

However, when I look at my config, I dont see the outside to inside rules...is this because all outgoing traffic is already permitted by ACL 1?

interface GigabitEthernet0/0

description $ETH-WAN$

ip ddns update DYNDNS

ip address dhcp client-id GigabitEthernet0/0

ip nat outside

ip virtual-reassembly

duplex auto speed auto

no cdp enable no mop enabled

!

interface GigabitEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

ip forward-protocol nd

!

ip http server

ip http secure-server

!

ip nat inside

source list 1 interface GigabitEthernet0/0 overload

ip nat inside source static tcp 192.168.1.4 80 interface GigabitEthernet0/0 80

ip nat inside source static tcp 192.168.1.111 4125 interface GigabitEthernet0/0 4125

ip nat inside source static tcp 192.168.1.111 3389 interface GigabitEthernet0/0 3389

ip nat inside source static tcp 192.168.1.111 443 interface GigabitEthernet0/0 443

ip nat inside source static tcp 192.168.1.106 90 interface GigabitEthernet0/0 90

ip nat inside source static tcp 192.168.1.106 3660 interface GigabitEthernet0/0 3660

ip nat inside source static tcp 192.168.1.106 3663 interface GigabitEthernet0/0 3663

ip nat inside source static tcp 192.168.1.106 4665 interface GigabitEthernet0/0 4665

ip nat inside source static tcp 192.168.1.4 22 interface GigabitEthernet0/0 22

ip nat inside source static tcp 192.168.1.4 25 interface GigabitEthernet0/0 25

ip nat inside source static tcp 192.168.1.4 53 interface GigabitEthernet0/0 53

ip nat inside source static udp 192.168.1.4 53 interface GigabitEthernet0/0 53

ip nat inside source static udp 192.168.1.4 123 interface GigabitEthernet0/0 123

ip nat inside source static tcp 192.168.1.4 389 interface GigabitEthernet0/0 389

ip nat inside source static udp 192.168.1.4 500 interface GigabitEthernet0/0 500

ip nat inside source static tcp 192.168.1.4 636 interface GigabitEthernet0/0 636

ip nat inside source static tcp 192.168.1.4 1723 interface GigabitEthernet0/0 1723

ip nat inside source static udp 192.168.1.4 4500 interface GigabitEthernet0/0 4500

!

ip radius source-interface GigabitEthernet0/1

logging trap debugging

logging 192.168.1.113

access-list 1 remark INSIDE_IF=GigabitEthernet0/1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255

Thanks for taking a look

Best Regards, Roger

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card