ACL help

james.stickland
Level 1

Hello, I have a router configured like so:

net--inside--e0-[R]-e1--outside-->net

I am translating inside addresses on e0's network to the address configured for e1.

What I would like to do is block packets originating from or destined to the router itself (not forwarded traffic). Unfortunately, I am using overloaded PAT, so blocking packets from or to e1's IP also blocks the NATed IPs.

Does anyone have a good suggestion for ways around this? Could I maybe apply a secondary IP to the e1 interface and force the router to use that for all locally created and destined packets?

I guess I could also set up dynamic NAT and use a pool, and filter out connections to the IP that is for the router itself.

Any suggestions please...

1 Reply

prince123
Level 1

Hi,

I assume you are using an ACL for overload, and under this ACL you have permitted any traffic sourced from the inside LAN subnet.

The objective is not to allow any traffic to originate from the router or any traffic to come to the router.

Solution:

1> Under the ACL, add an ACL sequence in which you deny the traffic sourced from any IP that is configured on the router from the LAN subnet.
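Worked configuration for the approach discussed in this thread (the poster's pool idea combined with the reply's step 1), added here as an illustration and not taken from either participant. All addresses, the interface names Ethernet0/Ethernet1 and the ACL and pool names are constructed; the point is that once PAT uses an address other than e1's own, the router's real address can be filtered without touching translated sessions.

```cisco
! Constructed example (not from the thread); RFC 5737 documentation addresses.
! Inside LAN 192.0.2.0/24 on e0 (router 192.0.2.1); outside e1 is 198.51.100.2,
! and 198.51.100.3 on the same subnet is reserved for PAT only.
!
! 1) Give PAT its own address. IOS answers ARP for pool addresses on the
!    outside subnet by default, so no secondary interface address is needed.
ip nat pool PAT-POOL 198.51.100.3 198.51.100.3 netmask 255.255.255.0
!
! NAT ACL (the reply's step 1): only the LAN subnet is translated, and the
! router's own addresses are denied so they are never NAT candidates.
ip access-list extended NAT-INSIDE
 deny   ip host 192.0.2.1 any
 deny   ip host 198.51.100.2 any
 permit ip 192.0.2.0 0.0.0.255 any
!
ip nat inside source list NAT-INSIDE pool PAT-POOL overload
!
! 2) Outside filter. Inbound ACLs on the outside interface are checked before
!    NAT, so they see the untranslated destination: the pool address carries
!    only PAT return traffic (NAT drops packets with no matching translation),
!    while e1's real address now carries only traffic aimed at the router.
ip access-list extended OUTSIDE-IN
 deny   ip any host 198.51.100.2
 permit ip any host 198.51.100.3
 deny   ip any any log
!
! 3) Inside filter: LAN hosts may send traffic through the router but not to it.
ip access-list extended INSIDE-IN
 deny   ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 deny   ip 192.0.2.0 0.0.0.255 host 198.51.100.2
 permit ip 192.0.2.0 0.0.0.255 any
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
 ip access-group INSIDE-IN in
!
interface Ethernet1
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
```

Note that an outbound interface ACL on IOS does not filter packets the router itself generates, so this covers traffic sent to the router but not traffic it originates; verify the split with `show ip nat translations` and `show access-lists` hit counters.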
