|
Posted by pbass83 on May 16, 2008, 8:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options > pbass83 wrote:
> > Hi everyone,
> > I setup a PAT overload on a 2611 router to allow some workstations
> > internet access. I also want to setup a static NAT for a web/ftp
> > server. Is it possible to do both simultaneously without opening up
> > everything?
> > pete
>
> Absolutely.
>
> The following is not a complete configuration; just some ACLs:
>
> ip access-list extended nat-src
> remark --- Inside source addresses dynamically translated via PAT
> overload.
> permit ip 192.168.1.0 0.0.0.255 any
>
> ip nat inside source list nat-src interface Ethernet1 overload
>
> ip nat inside source static tcp 192.168.1.50 21 interface Ethernet1 21
> ip nat inside source static tcp 192.168.1.50 80 interface Ethernet1 80
>
> Typically, you'd use an ACL on the inside interface to address outbound
> traffic, with inspection to facilitate the return path.
>
> Likewise, you'd use an ACL on the outside interface to address inbound
> traffic (i.e.: to your server), with inspection to facilitate the return
> path.
>
> Best Regards,
> News Reader
News Reader,
Thanks very much for the advice. I
pete
| 
NewsGroups 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map