standard NAT acl for n given hosts only

Answered Question
Apr 30th, 2009
User Badges:

how to change a standard acl from NATing the whole following subnet:


ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit 10.120.50.0 0.0.0.255


... to some specific hosts on it ... say 10.120.50.1, .3, .5, and .7 only ?


ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit 10.120.50.1 0.0.0.255

access-list 1 permit 10.120.50.3 0.0.0.255

access-list 1 permit 10.120.50.5 0.0.0.255

access-list 1 permit 10.120.50.7 0.0.0.255


... are the second acl netmask the right ones ?


1841 IOS 12.4(23)


Correct Answer by John Blakley about 7 years 11 months ago

If you're doing just hosts, then you would do:


access-list 1 permit host 10.120.50.1

access-list 1 permit host 10.120.50.3

etc....


HTH,

John

Correct Answer by Edison Ortiz about 7 years 11 months ago

Should be


ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit host 10.120.50.1

access-list 1 permit host 10.120.50.3

access-list 1 permit host 10.120.50.5

access-list 1 permit host 10.120.50.7


HTH,


__


Edison.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Edison Ortiz Thu, 04/30/2009 - 10:21
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Should be


ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit host 10.120.50.1

access-list 1 permit host 10.120.50.3

access-list 1 permit host 10.120.50.5

access-list 1 permit host 10.120.50.7


HTH,


__


Edison.

Correct Answer
John Blakley Thu, 04/30/2009 - 10:21
User Badges:
  • Purple, 4500 points or more

If you're doing just hosts, then you would do:


access-list 1 permit host 10.120.50.1

access-list 1 permit host 10.120.50.3

etc....


HTH,

John

Actions

This Discussion