Cisco IOS Firewall

p.holley
Level 1

Hi,

I have applied an ACL inbound on the internet interface to secure the router, but some internal networks cannot access the internet. My ACL looks like this.

ip access-list extended InternetIn
 remark "Allow inbound Web"
 permit tcp any eq www host 209.85.165.104

I have PAT configured for my inside workstations (2.2.2.0/24) to 209.85.165.104.

I have NAT for my servers: private IP 1.1.1.1, public IP 209.85.165.104.

All servers, even those that don't have a one-to-one NAT, can access the internet, but the workstations on the 2.2.2.0/24 network cannot.

Any ideas why?

1 Reply

JORGE RODRIGUEZ
Level 10

Try this.

For PAT, use your outbound interface IP address.

Assume:

! Facing internet, public IP
interface fe0/1
 ip address 30.30.30.30 255.255.255.252
 ip nat outside
!
! Inside network
interface fe0/2
 ip address 2.2.2.2 255.255.255.0
 ip nat inside
!
ip nat pool mypool 30.30.30.30 30.30.30.30 netmask 255.255.255.252
ip nat inside source list 10 pool mypool overload
access-list 10 permit 2.2.2.0 0.0.0.255 log

If you have problems, please post your config.

Jorge Rodriguez
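
Added example, not part of either post above: IOS checks an inbound interface ACL before it reverses the NAT translation, so return packets are matched on the public address they arrive on. This Python sketch models that first-match check with the InternetIn entry from the question against constructed return packets, including one addressed to the 30.30.30.30 PAT address assumed in the reply; the evaluator and the sample packets are assumptions for illustration, not Cisco code.

```python
# Added example: simplified first-match model of an IOS extended ACL.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Packet as seen on the outside interface, before NAT un-translation."""
    proto: str
    src_port: int
    dst_ip: str


@dataclass(frozen=True)
class Ace:
    """One permit/deny line of an extended ACL (only the fields used here)."""
    action: str
    proto: str
    src_port: Optional[int]  # None means any source port
    dst_host: Optional[str]  # None means any destination

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src_port in (None, p.src_port)
                and self.dst_host in (None, p.dst_ip))


def evaluate(acl, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# permit tcp any eq www host 209.85.165.104
INTERNET_IN = [Ace("permit", "tcp", 80, "209.85.165.104")]

# Constructed return traffic for sessions opened from the inside networks.
SAMPLES = {
    "http reply to 209.85.165.104": Packet("tcp", 80, "209.85.165.104"),
    "https reply to 209.85.165.104": Packet("tcp", 443, "209.85.165.104"),
    "dns reply to 209.85.165.104": Packet("udp", 53, "209.85.165.104"),
    "http reply to 30.30.30.30": Packet("tcp", 80, "30.30.30.30"),
}


def report(acl=INTERNET_IN):
    """Return the ACL verdict for each constructed sample packet."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}
```

With the entry as posted, a reply addressed to 30.30.30.30 falls through to the implicit deny, so moving PAT to the interface address means InternetIn also needs an entry for that address.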