ACL and Overload Nating

Junior Mateus · ‎08-10-2010

Hi everybody,

i´m new ccna IT,

In my network, we use the routeur to make some Acl for Internet or other protocole !

u can see one of my configuration:

interface FastEthernet0/0
description INTERNAL INF
ip address 10.20.1.X 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description OUTSIDE INF
ip address 212.96.X.X 255.255.X.X
ip nat outside
duplex full
speed auto
no mop enabled

and i make some nat like :

ip nat inside source list 3 interface FastEthernet0/1 overload

access-list 3 permit 10.2.1.0 0.0.0.7
access-list 3 permit 10.2.10.0 0.0.0.7
access-list 3 permit 10.20.0.0 0.0.255.255

access-list 101 permit ip host 10.2.1.140 any
access-list 101 permit ip host 10.2.1.144 any
access-list 101 permit ip host 10.2.1.153 any
access-list 101 permit ip host 10.2.1.154 any
access-list 101 permit ip host 10.2.1.80 any

My question iz , for the seconde ACL "101", if it possible to make another nat overlaod like" ip nat inside source list 101 int f0/1 overload"

If there isn´t problems to have 2 nating overload ?

Jon Marshall · ‎08-10-2010

Just use one acl ie. combine acl 3 and acl 101.

Jon

Junior Mateus · ‎08-10-2010

hi jonh

Thanx for answer but,

i don understand when u say just one acl ?

u mean one acl for combin the 3 and 101 ? How?

How can i configure the nat overload ?

Jon Marshall · ‎08-10-2010

Junior

mateusjunior wrote:

hi jonh

Thanx for answer but,

i don understand when u say just one acl ?

u mean one acl for combin the 3 and 101 ? How?

How can i configure the nat overload ?

Junior

I personally like to use extended acls (ie numbers 100 - 199) so change your this in your config -

access-list 3 permit 10.2.1.0 0.0.0.7

access-list 3 permit 10.2.10.0 0.0.0.7

access-list 3 permit 10.20.0.0 0.0.255.255

access-list 101 permit ip host 10.2.1.140 any

access-list 101 permit ip host 10.2.1.144 any

access-list 101 permit ip host 10.2.1.153 any

access-list 101 permit ip host 10.2.1.154 any

access-list 101 permit ip host 10.2.1.80 any

to

access-list 101 permit 10.2.1.0 0.0.0.7 any

access-list 101 permit 10.2.10.0 0.0.0.7 any

access-list 101 permit 10.20.0.0 0.0.255.255

access-list 101 permit ip host 10.2.1.140 any

access-list 101 permit ip host 10.2.1.144 any

access-list 101 permit ip host 10.2.1.153 any

access-list 101 permit ip host 10.2.1.154 any

access-list 101 permit ip host 10.2.1.80 any

and then change -

ip nat inside source list 3 interface FastEthernet0/1 overload

to

ip nat inside source list 101 inteface fa0/1 overload

Jon

Junior Mateus · ‎08-10-2010

Realy thanx Jone

I do this ! and it walk !

And one thing that wasn´t understand, that my connection was very fat right now......Thanx to u

bonnyface · ‎08-10-2010

Hi Jon,

Great seeing your tips to Junior. I enjoyed reading the post.

Please help me with a scenario below:

I have an Apple Time Capsule gateway and port mapping is configured. However, I have to replace the Time Capsule with a Cisco 1841 router. I am stuck with how to transfer the current port mappings on the Time Capsule to the Cisco router.

At the moment, my current ACL & PAT configuration on the router are as below:

ip nat pool office 212.xxx.xxx.2x0 212.xxx.xxx.2x0 netmask 255.255.255.252

access-list 10 permit 10.0.1.0 0.0.0.255

access-list 10 permit 172.16.1.0 0.0.0.255

access-list 10 permit 192.168.2.0 0.0.0.255

ip nat inside source list 10 interface fa0/0 overload

!!int fa0/0 is configured with 212.xxx.xxx.2x0

Grateful for any response.

Regards,