10-25-2010 03:24 AM - edited 03-06-2019 01:43 PM
Hi experts,
I have static NAT on a set of private IP range mapped to public IP addresses. Due to no more public IP addresses being available, I would like to set PAT for the remaining private IP range and overload it on the WAN IP. I'm choosing which ACL for PAT for private IP address range 192.168.4.64 - .254 is correct?
ip nat inside source static 192.168.4.2 210.x.x.x --> STATIC NAT FROM 192.168.4.2 - .63
ip nat inside source list 10 interface FastEthernet0/0 overload
access-list 10 permit 192.168.4.64 0.0.0.255 --> PAT FROM 192.168.4.64 - .255
OR
access-list 10 permit 192.168.4.64 0.0.0.191
10-25-2010 07:19 AM
johnlloyd_13 wrote:
Hi experts,
I have static NAT on a set of private IP range mapped to public IP addresses. Due to no more public IP addresses being available, I would like to set PAT for the remaining private IP range and overload it on the WAN IP. I'm choosing which ACL for PAT for private IP address range 192.168.4.64 - .254 is correct?
ip nat inside source static 192.168.4.2 210.x.x.x --> STATIC NAT FROM 192.168.4.2 - .63
ip nat inside source list 10 interface FastEthernet0/0 overload
access-list 10 permit 192.168.4.64 0.0.0.255 --> PAT FROM 192.168.4.64 - .255
OR
access-list 10 permit 192.168.4.64 0.0.0.191
John
You cannot cover the whole range with one entry - try this
access-list 101 permit ip 192.168.4.64 0.0.0.63 any
access-list 101 permit ip 192.168.4.128 0.0.0.127 any
ip nat inside source list 101 interface fa0/0 overload
Jon
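Added example, not part of the original thread: a short Python check of which last octets in 192.168.4.0/24 each candidate ACL from the posts above actually matches, using IOS wildcard semantics (a 0 bit must match, a 1 bit is ignored). The function names and the CANDIDATES table are made up for this illustration; the addresses and masks are the ones posted in the thread.

```python
import ipaddress

def acl_matches(base: str, wildcard: str, addr: str) -> bool:
    """IOS wildcard match: only bits that are 0 in the wildcard are compared."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    care = ~w & 0xFFFFFFFF          # bits the ACL entry actually checks
    return (a & care) == (b & care)

def matched_last_octets(entries, prefix="192.168.4."):
    """Last octets (0-255) under prefix that are permitted by any entry."""
    return [h for h in range(256)
            if any(acl_matches(b, w, f"{prefix}{h}") for b, w in entries)]

def as_ranges(octets):
    """Collapse a sorted list of ints into inclusive (start, end) ranges."""
    ranges = []
    for h in octets:
        if ranges and h == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], h)
        else:
            ranges.append((h, h))
    return ranges

# Entries copied from the thread; the dictionary keys are labels for this example.
CANDIDATES = {
    "single entry, wildcard 0.0.0.255": [("192.168.4.64", "0.0.0.255")],
    "single entry, wildcard 0.0.0.191": [("192.168.4.64", "0.0.0.191")],
    "two entries from the reply": [("192.168.4.64", "0.0.0.63"),
                                   ("192.168.4.128", "0.0.0.127")],
}

def report():
    """Map each candidate to the ranges of last octets it permits."""
    return {name: as_ranges(matched_last_octets(entries))
            for name, entries in CANDIDATES.items()}

if __name__ == "__main__":
    for name, ranges in report().items():
        print(f"{name}: {ranges}")
```

The 0.0.0.255 entry permits the whole /24, including the .2 - .63 hosts that have static translations, and the 0.0.0.191 entry leaves a hole at .128 - .191 because it still checks the bit worth 64 in the last octet. Only the two-entry list matches .64 - .255 as one contiguous block.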
10-25-2010 06:52 PM
Hi Jon,
Thanks for your feedback! Is a standard ACL also applicable for this case?
access-list 10 permit 192.168.4.64 0.0.0.63
access-list 10 permit 192.168.4.128 0.0.0.127
ip nat inside source list 10 interface fa0/0 overload
10-26-2010 12:41 AM
johnlloyd_13 wrote:
Hi Jon,
Thanks for your feedback! Is a standard ACL also applicable for this case?
access-list 10 permit 192.168.4.64 0.0.0.63
access-list 10 permit 192.168.4.128 0.0.0.127
ip nat inside source list 10 interface fa0/0 overload
John
I always use an extended list because I have seen cases where a standard ACL just doesn't work.
Jon
10-26-2010 12:44 AM
Thanks Jon! Will try what you suggested.