Unanswered Question
Oct 10th, 2006
User Badges:

Is it possible that you will implement a ip nat inside or ip nat outside on the interface and at the same time implement a ip access-group 5 in/out in the same interface.

I try this configuration implement a static and dynamic NAT. but when i try to include a more specific acl that aren't included in the translation i always can't go thru. e.g

int fa0/0

ip address

ip nat outside

ip access-group 200 in

duplex half

int fa0/1

ip address

ip nat inside

duplex half

access-list 5 deny

access-list 5 permit

ip nat pool limit netmask

ip nat inside source list 1 pool limit

ip nat inside source static

access-list 200 permit tcp eq 22 eq 22

after i apply this on the interface, the internet connection of other translation have blocked to the outside.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
grant.maynard Wed, 10/11/2006 - 04:22
User Badges:
  • Silver, 250 points or more

Your ACL is correct in that it should refer to the outside (NATed) IP addresses. But your ACL entry refers to one of the NAT pool - it should refer to a static NAT.


This Discussion