ACL in NAT

worldcalltel
Level 1

Is it possible to implement ip nat inside or ip nat outside on an interface and at the same time implement ip access-group 5 in/out on the same interface?

I tried this configuration to implement static and dynamic NAT, but when I try to include a more specific ACL that isn't included in the translation, I can never get through. E.g.:

int fa0/0
 ip address 192.168.1.1/24
 ip nat outside
 ip access-group 200 in
 duplex half

int fa0/1
 ip address 172.16.1.1/24
 ip nat inside
 duplex half

access-list 5 deny 172.16.1.2
access-list 5 permit 172.16.0.0 0.0.0.255

ip nat pool limit 192.168.1.1 192.168.1.20 netmask 255.255.255.0
ip nat inside source list 1 pool limit
ip nat inside source static 172.16.1.2 192.168.1.2

access-list 200 permit tcp 10.10.10.10 eq 22 192.168.1.10 eq 22

After I apply this on the interface, the internet connections of the other translations are blocked to the outside.


grant.maynard
Level 4

Your ACL is correct in that it should refer to the outside (NATed) IP addresses. But your ACL entry refers to one of the NAT pool addresses - it should refer to a static NAT.
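
The following Python sketch is an added example, not part of the original post or the reply. It models how an inbound ACL on the NAT outside interface is matched against the translated (outside) addresses with first-match semantics and the implicit deny, which is why ACL 200 as posted drops return traffic for every other translation. The revised ACL, its `established` entry and the sample packets are assumptions constructed for illustration, and only TCP is modelled.

```python
# Added illustration: first-match ACL evaluation with the implicit deny,
# applied on the NAT outside interface before outside-to-inside translation.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def host(addr):
    return ip_network(addr + "/32")

def rule(action, src, dst, sport=None, dport=None, established=False):
    return dict(action=action, src=src, dst=dst, sport=sport,
                dport=dport, established=established)

def evaluate(acl, pkt):
    """Return the action of the first matching TCP entry, else the implicit deny."""
    for r in acl:
        if ip_address(pkt["src"]) not in r["src"]:
            continue
        if ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["sport"] is not None and pkt["sport"] != r["sport"]:
            continue
        if r["dport"] is not None and pkt["dport"] != r["dport"]:
            continue
        # "established" matches only TCP segments with ACK or RST set
        if r["established"] and not (pkt["flags"] & {"ACK", "RST"}):
            continue
        return r["action"]
    return "deny"  # implicit deny at the end of every IOS ACL

# ACL 200 as posted: one permit, everything else falls to the implicit deny
ACL_200_POSTED = [rule("permit", host("10.10.10.10"), host("192.168.1.10"), 22, 22)]

# Assumed revision: target the static NAT address (source port left open,
# also an assumption) and let return traffic of inside-initiated sessions in
ACL_200_REVISED = [
    rule("permit", host("10.10.10.10"), host("192.168.1.2"), dport=22),
    rule("permit", ANY, ANY, established=True),
]

# Constructed packets arriving on fa0/0; destinations are still NATed addresses
REPLY_TO_POOL = dict(src="203.0.113.5", sport=80, dst="192.168.1.11",
                     dport=40000, flags={"SYN", "ACK"})
SSH_TO_STATIC = dict(src="10.10.10.10", sport=51000, dst="192.168.1.2",
                     dport=22, flags={"SYN"})
UNSOLICITED = dict(src="203.0.113.5", sport=4444, dst="192.168.1.11",
                   dport=23, flags={"SYN"})
```
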
