09-01-2008 02:00 AM - edited 03-06-2019 01:06 AM
Hi,
I would like to accomplish the following scenario:
Deny NAT from any local to local address.
Permit NAT from 172.16.100.0/24 to any global address using the OG ip on Lo10.
Permit NAT from 172.16.101.0/24 to any global address using the OG ip on Lo11.
Permit NAT from any local address to any global address using the OG ip on Eth0.
How am I going to accomplish this?
PS. I described it as NAT but I actually mean PAT, so I would like to use overloading.
09-01-2008 02:24 AM
ip nat inside source list 101 interface loop0 overload
ip nat inside source list 102 interface loop1 overload
ip nat inside source list 103 interface ether0 overload
access-list 101 deny local local
access-list 101 permit ip 172.16.100.0 0.0.0.255 any
same with access-list 102
and same with access-list 103
I hope this helps.
09-01-2008 02:26 AM
try
access-list 100 permit ip 172.16.100.0 0.0.0.255 any
access-list 101 permit ip 172.16.101.0 0.0.0.255 any
access-list 102 permit ip any any
then
ip nat inside source list 100 interface Lo10 overload
ip nat inside source list 101 interface Lo11 overload
ip nat inside source list 102 interface Eth0 overload
apply the ip nat inside and ip nat outside on the right places
good luck
if helpful Rate
09-01-2008 04:03 AM
Dear Marwanshawi,
Your configuration doesn't comply with the requirements. Look, access-list 100 permits everything from 172.16.100.0.... and this includes 172.16.101.0....
That is why I added the deny statements in the access-list, so that local networks can talk to each other without any problems. The deny statement in the network will stop translation for these networks.
I hope you understand what I am trying to say.
Regards
09-01-2008 04:06 AM
Nice of you, Amit :)
09-01-2008 09:22 AM
Ok but does the router use best match to match the specific ACL? Because a packet from 172.16.100.10 to any which should match ACL 100 also matches ACL 102.
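The overlap raised in the last post, as an added example that is not part of any poster's configuration: it models ACL first-match evaluation with wildcard masks and reports which NAT lists select a given packet. The definition of "local" as 172.16.0.0/16 and the extra deny entries in list 102 are assumptions made for the illustration.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def ace(action, src, src_wc, dst="0.0.0.0", dst_wc="255.255.255.255"):
    """One extended-ACL entry; wildcard bits set to 1 are 'don't care'."""
    return (action, _ip(src), _ip(src_wc), _ip(dst), _ip(dst_wc))

def wc_match(addr, base, wildcard):
    # Compare only the bits the wildcard mask does not ignore.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def acl_permits(acl, src, dst):
    """First matching entry wins; no match at all is the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for action, sb, sw, db, dw in acl:
        if wc_match(s, sb, sw) and wc_match(d, db, dw):
            return action == "permit"
    return False

def matching_lists(acls, src, dst):
    """Numbers of every NAT ACL that would select this packet."""
    return sorted(n for n, acl in acls.items() if acl_permits(acl, src, dst))

ANY = ("0.0.0.0", "255.255.255.255")
LOCAL = ("172.16.0.0", "0.0.255.255")    # assumption: all local networks are in 172.16.0.0/16
NO_LOCAL = ace("deny", *LOCAL, *LOCAL)   # "deny local local": no translation between local networks

# Lists 100-102 as in the thread, each with the local-to-local deny placed first.
OVERLAPPING = {
    100: [NO_LOCAL, ace("permit", "172.16.100.0", "0.0.0.255")],
    101: [NO_LOCAL, ace("permit", "172.16.101.0", "0.0.0.255")],
    102: [NO_LOCAL, ace("permit", *ANY)],
}
# Assumption: the catch-all list also denies the subnets that have their own list.
DISJOINT = dict(OVERLAPPING)
DISJOINT[102] = [NO_LOCAL,
                 ace("deny", "172.16.100.0", "0.0.0.255"),
                 ace("deny", "172.16.101.0", "0.0.0.255"),
                 ace("permit", *ANY)]

if __name__ == "__main__":
    packets = (("172.16.100.10", "8.8.8.8"), ("172.16.100.10", "172.16.101.5"),
               ("172.16.50.7", "8.8.8.8"))
    for name, acls in (("overlapping", OVERLAPPING), ("disjoint", DISJOINT)):
        for src, dst in packets:
            print(name, src, "->", dst, matching_lists(acls, src, dst))
```

When the lists are disjoint, each packet is selected by at most one list, so the result does not depend on the order in which the NAT statements are evaluated.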