Cisco IOS Firewall

p.holley
Level 1

Hi,

I have applied an ACL inbound on the internet interface to secure the router, but some internal networks cannot access the internet. My ACL looks like this.

ip access-list extended InternetIn
 remark "Allow inbound Web"
 permit tcp any eq www host 209.85.165.104

I have PAT configured for my inside workstations (2.2.2.0/24) to 209.85.165.104.

I have NAT for my servers private IP 1.1.1.1 public IP 209.85.165.104

All servers, even those that don't have a one-to-one NAT, can access the internet, but the workstations on the 2.2.2.0/24 network cannot.

Any ideas why?

1 Reply

JORGE RODRIGUEZ
Level 10

Try this.

For PAT, use your outbound interface IP address.

Assume

interface fe0/1
 ! Facing internet, public IP
 ip address 30.30.30.30 255.255.255.252
 ip nat outside
!
interface fe0/2
 ! Inside network
 ip address 2.2.2.2 255.255.255.0
 ip nat inside
!
ip nat pool mypool 30.30.30.30 30.30.30.30 netmask 255.255.255.252
ip nat inside source list 10 pool mypool overload
access-list 10 permit 2.2.2.0 0.0.0.255 log

If you have problems, please post your config.

Jorge Rodriguez
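
To see which return traffic the InternetIn entry quoted in the question lets through, the following added example (not part of either post, and not Cisco code) models first-match extended-ACL evaluation with the implicit deny, applied to the public destination address because an inbound ACL on the outside interface is checked before NAT translates the packet. It assumes the ACL contains only the one entry shown; the internet host 198.51.100.10 and the ephemeral ports are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip" (any protocol)
    src: str                         # source network, CIDR form
    dst: str                         # destination network, CIDR form
    src_port: Optional[int] = None   # None means any port
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and ip_address(pkt.src) in ip_network(ace.src)
            and ip_address(pkt.dst) in ip_network(ace.dst)
            and ace.src_port in (None, pkt.sport)
            and ace.dst_port in (None, pkt.dport))

def evaluate(acl, pkt: Packet) -> str:
    for ace in acl:                  # first matching entry decides
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"                    # implicit deny at the end of every ACL

# permit tcp any eq www host 209.85.165.104  ("eq www" is the SOURCE port here)
INTERNET_IN = [Ace("permit", "tcp", "0.0.0.0/0", "209.85.165.104/32", src_port=80)]

# Constructed return packets arriving on the internet-facing interface
SAMPLES = {
    "http reply to 209.85.165.104": Packet("tcp", "198.51.100.10", 80, "209.85.165.104", 40001),
    "https reply to 209.85.165.104": Packet("tcp", "198.51.100.10", 443, "209.85.165.104", 40002),
    "dns reply to 209.85.165.104": Packet("udp", "198.51.100.10", 53, "209.85.165.104", 40003),
    "http reply to 30.30.30.30": Packet("tcp", "198.51.100.10", 80, "30.30.30.30", 40004),
}

def verdicts(acl=INTERNET_IN):
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6}  {name}")
```

Only plain HTTP replies addressed to 209.85.165.104 are permitted under this model; DNS and HTTPS replies, and any reply addressed to a PAT address of 30.30.30.30 as in the assumed configuration above, fall through to the implicit deny unless InternetIn gains matching entries.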