Cisco IOS Firewall

Oct 1st, 2007

Hi,


I have applied an ACL inbound on the internet interface to secure the router, but some internal networks cannot access the internet. My ACL looks like this.


ip access-list extended InternetIn
 remark "Allow inbound Web"
 permit tcp any eq www host 209.85.165.104


I have PAT configured for my inside workstations (2.2.2.0/24) to 209.85.165.104.

I have NAT for my servers: private IP 1.1.1.1, public IP 209.85.165.104.

All servers, even those that don't have a one-to-one NAT, can access the internet, but the workstations on the 2.2.2.0/24 network cannot.

Any ideas why?

JORGE RODRIGUEZ Mon, 10/01/2007 - 18:18

Try this.


For PAT, use your outbound interface IP address.


Assume:

interface fe0/1
 ! Facing internet, public IP
 ip address 30.30.30.30 255.255.255.252
 ip nat outside

interface fe0/2
 ! Inside network
 ip address 2.2.2.2 255.255.255.0
 ip nat inside

ip nat pool mypool 30.30.30.30 30.30.30.30 netmask 255.255.255.252
ip nat inside source list 10 pool mypool overload

access-list 10 permit 2.2.2.0 0.0.0.255 log


If you have problems, please post your config.
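
The inbound ACL from the question, modelled as first-match evaluation with the implicit deny, as an added example that is not part of either post. It assumes InternetIn is applied inbound on the ip nat outside interface, where IOS checks the ACL before NAT rewrites the destination; the reply packets, the internet host 198.51.100.7 and the ephemeral ports are constructed.

```python
import ipaddress
from collections import namedtuple

# A packet as seen inbound on the outside interface, before NAT rewrites the destination.
Packet = namedtuple("Packet", "proto src sport dst dport")

# The entry from the thread: permit tcp any eq www host 209.85.165.104
# Fields: action, protocol, source net, source port, destination net, destination port
INTERNET_IN = [
    ("permit", "tcp", "0.0.0.0/0", 80, "209.85.165.104/32", None),
]

def evaluate(acl, pkt):
    """First-match evaluation; an extended ACL ends in an implicit deny."""
    for action, proto, src, sport, dst, dport in acl:
        if proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(src):
            continue
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(dst):
            continue
        if sport is not None and pkt.sport != sport:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action
    return "deny (implicit)"

# Constructed return packets from an internet host (documentation address).
REPLIES = {
    "HTTP reply to 209.85.165.104": Packet("tcp", "198.51.100.7", 80, "209.85.165.104", 40001),
    "HTTPS reply to 209.85.165.104": Packet("tcp", "198.51.100.7", 443, "209.85.165.104", 40002),
    "DNS reply to 209.85.165.104": Packet("udp", "198.51.100.7", 53, "209.85.165.104", 40003),
    "HTTP reply to 30.30.30.30": Packet("tcp", "198.51.100.7", 80, "30.30.30.30", 40004),
}

def report(acl=INTERNET_IN):
    """Return the ACL verdict for each constructed reply packet."""
    return {name: evaluate(acl, pkt) for name, pkt in REPLIES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:16} {name}")
```

The last row is the case to check if PAT is moved to the interface address as in the reply above: the ACL's destination would then need to cover 30.30.30.30 as well.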