Cisco Support Community
New Member

ACL help

Hello, I have a router configured as so:

net--inside--e0-[R]-e1--outside-->net

I am translating inside addresses on e0's network to the address configured for e1.

What I would like is for packets originating from or destined to the router (not forwarded) to be blocked. Unfortunately, I am using overloaded PAT, so blocking packets from or to e1's IP also blocks the NATed IPs.

Does anyone have a good suggestion for ways around this? Could I maybe apply a secondary IP to the e1 interface and force the router to use that for all locally created and destined packets?

I guess I could also set up dynamic NAT and use a pool, and filter out connections to the IP that is for the router itself.

Any suggestions please...

1 REPLY
New Member

Re: ACL help

Hi,

I assume you are using an ACL for overload and under this ACL you have permitted any traffic sourced from the inside LAN subnet.

The objective is not to allow any traffic to originate from the router or any traffic to come to the router.

Solution:

1> Under the ACL, bring in an ACL sequence wherein you deny the traffic sourced from any IP that is configured on the router from the LAN subnet
