07-04-2009 02:10 PM - edited 03-04-2019 05:19 AM
Hi,
Is this a secure NAT Overload configuration, what I mean "Nobody from Public Network can access private NATTED Box"
interface fa0/0
ip nat inside
interface s0/0
ip nat outside
access-list 100 permit ip 192.168.1.100 255.255.255.255 any
ip nat inside source list 100 interface serial 0/0 overload
07-04-2009 03:19 PM
Correct, nobody from outside can access inside, all connections must be initiated from inside.
You can also use a standard ACL to the same effect.
07-04-2009 07:00 PM
If the 192.168.1.100 is in the INSIDE then this is good....
07-04-2009 09:40 PM
Thanks
192.168.1.100 is ISA Server IP, will there be any performance impact using NAT OverLoad.
********
Is the following configuration Secured ( Anyone from outside cannot initiate connection )
********Configuration ******************
****************************************
ip subnet-zero
ip domain lookup source-interface FastEthernet0/0
ip name-server 4.4.4.4
interface FastEthernet0/0
description Connected to ISP
ip address 10.10.10.66 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Connection to LAN-Switch
ip address 192.168.1.100 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.65
ip route 172.20.16.0 255.255.255.0 192.168.1.1
no ip http server
no ip http secure-server
ip nat inside source static 192.168.1.101 10.10.10.68
ISA Server : 192.168.1.101
Public IP : 10.10.10.68
07-05-2009 09:11 AM
You have been told already that is ok.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide