
Route only traffic from specific WAN IP addresses

CorporateITGuy
Level 1

Going from a Netgear router that has a GUI that is built in and that I understand and moving to a Cisco router, c897va-k9, that has nothing but CLI that I am almost entirely unfamiliar with. Have gotten some help from the Cisco community but keep running into more problems.

 

Current problem is trying to figure out how to only apply a NAT rule when it's coming from specific IP address(es). I can set up NAT rules for “general” purpose:

 

#ip nat inside source static [local_ip] [public_ip]

or

#ip nat inside source static tcp [local_ip] [port] [public_ip] [port]

 

But I am not sure how to restrict them to only apply these rules to, say, 50.50.50.50.

 

Thank you for any and all help!


You are welcome. You ask an interesting (and important) question: "Does access-list 1 affect anything when it hasn't been applied to any interface?" Let me start my explanation with a generalization: an access list by itself does not do anything. To do something the access list must be applied. We most often think of applying an ACL to an interface to filter traffic. But an ACL can be applied in other ways. For example, an access list can be applied to identify traffic for QoS, or an ACL can be used to control routing updates for some of the routing protocols, or an ACL can be used to control who is allowed remote access to the device. This is how you are applying access list 1 in your configuration:

ip nat inside source list 1 interface GigabitEthernet8 overload

So your address translation is using access list 1.

Then let me respond to something else you say: "its traffic can't get out of my network after I apply any access list". Is it really that traffic does not get out? How do you know that it did not get out? We usually know it got out because we received a response. But if we did not receive a response, does that mean that it did not get out? Or could it mean that the traffic got out but that the response coming back did not make it?

I am glad that removing the extra static default route seems to have helped. This is a subtle issue but it can have an impact.

Where do things stand in terms of getting traffic to flow as you want?

 

 

HTH

Rick
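
The distinction drawn in the reply above (an ACL that classifies traffic for NAT versus an ACL applied to an interface to filter), shown as an added configuration example that is not part of the original thread. The inside network 192.168.1.0/24, server 192.168.1.10, public address 203.0.113.10, TCP port 443, the contents of access list 1 and the ACL name WAN-IN are assumptions; 50.50.50.50 and GigabitEthernet8 come from the thread.

```cisco
! Constructed values: 192.168.1.0/24 (inside LAN), 192.168.1.10 (inside server),
! 203.0.113.10 (public address), TCP 443, ACL name WAN-IN.

! Standard ACL 1 only describes traffic. Defined on its own, it filters nothing.
access-list 1 permit 192.168.1.0 0.0.0.255

! Use 1: NAT references ACL 1 to decide which inside sources get translated
! on the way out. No packet is dropped by this reference.
ip nat inside source list 1 interface GigabitEthernet8 overload

! Static port forward. As written it answers any outside host that can
! reach 203.0.113.10:443.
ip nat inside source static tcp 192.168.1.10 443 203.0.113.10 443

! Use 2: an extended ACL applied inbound on the WAN interface restricts who
! may reach the forward. The inbound ACL is checked before NAT translates
! the destination, so the rule matches the public address.
ip access-list extended WAN-IN
 permit tcp host 50.50.50.50 host 203.0.113.10 eq 443
 deny   tcp any host 203.0.113.10 eq 443 log
 ! This ACL is not stateful. The final permit leaves all other inbound
 ! traffic, including replies to outbound connections, as it was before.
 permit ip any any
!
interface GigabitEthernet8
 ip access-group WAN-IN in
```

`show ip access-lists WAN-IN` displays per-line match counters, which separates requests that never arrived from replies that were dropped on the way back.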

At this point traffic flows in and out (which is an improvement); now I just need to start directing it the way that we need. Which at this point is looking like trial and error. But I can at least try different things, whereas before I couldn't even test anything, so I am making improvements.

I am glad that you are making progress. Go ahead and try some things. If you have further questions, or if you get stuck on something feel free to post again in the community.

HTH

Rick