07-04-2009 02:10 PM - edited 03-04-2019 05:19 AM
Hi,
Is this a secure NAT Overload configuration, what I mean "Nobody from Public Network can access private NATTED Box"
interface fa0/0
ip nat inside
interface s0/0
ip nat outside
access-list 100 permit ip 192.168.1.100 255.255.255.255 any
ip nat inside source list 100 interface serial 0/0 overload
07-04-2009 03:19 PM
Correct, nobody from outside can access inside, all connections must be initiated from inside.
You can also use a standard ACL to the same effect.
07-04-2009 07:00 PM
If the 192.168.1.100 is in the INSIDE then this is good....
07-04-2009 09:40 PM
Thanks
192.168.1.100 is ISA Server IP, will there be any performance impact using NAT OverLoad.
********
Is the following configuration Secured ( Anyone from outside cannot initiate connection )
********Configuration ******************
****************************************
ip subnet-zero
ip domain lookup source-interface FastEthernet0/0
ip name-server 4.4.4.4
interface FastEthernet0/0
description Connected to ISP
ip address 10.10.10.66 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Connection to LAN-Switch
ip address 192.168.1.100 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.65
ip route 172.20.16.0 255.255.255.0 192.168.1.1
no ip http server
no ip http secure-server
ip nat inside source static 192.168.1.101 10.10.10.68
ISA Server : 192.168.1.101
Public IP : 10.10.10.68
07-05-2009 09:11 AM
You have been told already that is ok.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: