ACL for PAT

johnlloyd_13
Level 9

Hi experts,

I have static NAT on a set of private IP ranges mapped to public IP addresses. Because no more public IP addresses are available, I would like to set up PAT for the remaining private IP range and overload it on the WAN IP. Which ACL for PAT is correct for the private IP address range 192.168.4.64 - .254?

ip nat inside source static 192.168.4.2 210.x.x.x --> STATIC NAT FROM 192.168.4.2 - .63

ip nat inside source list 10 interface FastEthernet0/0 overload 

access-list 10 permit 192.168.4.64  0.0.0.255 --> PAT FROM 192.168.4.64 - .255

OR

access-list 10 permit 192.168.4.64  0.0.0.191

Accepted Solutions

Jon Marshall
Hall of Fame

John

You cannot cover the whole range with one entry - try this

access-list 101 permit ip 192.168.4.64 0.0.0.63 any

access-list 101 permit ip 192.168.4.128 0.0.0.127 any

ip nat inside source list 101 interface fa0/0 overload

Jon
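
As an added example (not part of the original thread), this Python code expands each wildcard mask discussed above into the last-octet ranges it actually matches, which shows why neither single-entry option fits 192.168.4.64 - .254. The function names are hypothetical, and it assumes every entry stays within 192.168.4.0/24.

```python
import ipaddress

def acl_matches(base, wildcard):
    """Last-octet values in base's /24 matched by an IOS ACL entry.

    Wildcard bit 0 = address bit must equal the base bit; 1 = don't care.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that are actually compared
    net24 = b & 0xFFFFFF00          # assumption: only this /24 is of interest
    return [h for h in range(256) if ((net24 | h) & care) == (b & care)]

def to_ranges(hosts):
    """Collapse a sorted list of integers into inclusive (start, end) ranges."""
    ranges = []
    for h in hosts:
        if ranges and h == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], h)
        else:
            ranges.append((h, h))
    return ranges

def acl_coverage(entries):
    """Union of all permit entries, as last-octet ranges."""
    hosts = sorted({h for base, wc in entries for h in acl_matches(base, wc)})
    return to_ranges(hosts)

# The three ACL variants from the thread (labels are constructed).
CANDIDATES = {
    "single entry, wildcard 0.0.0.255": [("192.168.4.64", "0.0.0.255")],
    "single entry, wildcard 0.0.0.191": [("192.168.4.64", "0.0.0.191")],
    "two entries (accepted answer)": [
        ("192.168.4.64", "0.0.0.63"),
        ("192.168.4.128", "0.0.0.127"),
    ],
}

if __name__ == "__main__":
    for name, entries in CANDIDATES.items():
        print(f"{name}: {acl_coverage(entries)}")
```

The 0.0.0.255 entry matches .0 - .255, including the hosts reserved for static NAT, while 0.0.0.191 matches .64 - .127 and .192 - .255 but skips .128 - .191; only the two-entry list yields one contiguous block, .64 - .255.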

4 Replies

Hi Jon,

Thanks for your feedback! Is a standard ACL also applicable for this case?

access-list 10 permit 192.168.4.64 0.0.0.63

access-list 10 permit 192.168.4.128 0.0.0.127

ip nat inside source list 10 interface fa0/0 overload

John

I always use an extended list because I have seen cases where a standard ACL just doesn't work.

Jon

Thanks Jon! Will try what you suggested.