Hello everyone, I'm playing with a 2611 router just for fun. I have gotten the router to do NAT, but I'm wondering if anyone has any solid & secure configuration files for setting up a router such as the 2611 to do NAT. I haven't completely gotten a grasp on access lists. For example, I could telnet to the router from the outside.
You can use access-lists to define which addresses on the inside interface/network will be translated with the permit and deny conditions. With the example that you have posted, you are permitting ONLY the network 10.68.20.0/24 to be translated. So for example, the Ethernet0/0 ip add (10.68.20.1) will be translated to the ip add of Ethernet0/1 (xx.xx.xx.xx) before going out Eth0/1. Similarly, for example, a host with an ip add of 10.68.20.27 will use xx.xx.xx.xx as its outside ip address.
And with the "overload" command, which performs PAT (Port Address Translation), every host on the network 10.68.20.0/24 will use the ip add of Eth0/1 as its outside address. Which means if all the 254 hosts are connecting to the outside, they will have the same translated ip addresses but the router will be able to differentiate them based on the port number that it has assigned each host.
"ip nat inside" indicates that the interface is connected to the inside network (the network subject to NAT translation).
"ip nat outside" indicates that the interface is connected to the outside network.
"ip nat inside source list 1 interface Ethernet0/1 overload" indicates that access-list 1 is the source inside network and will use interface Eth0/1's ip add as its outside address.
The following URL is a common example in using NAT:
Thanks for the info... How can I get a CCO account?? Would this allow us to download the updates for our PIX 515 and VPN concentrator (they were installed by an outside client before I started at the company).
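The overload/PAT behaviour described in the reply above, as an added example that is not part of the original thread: a toy Python model of the translation table that shows how hosts sharing one outside address are told apart by port. The outside address `192.0.2.1` is a placeholder for the elided xx.xx.xx.xx, and the sequential port allocation starting at 1024 is a simplification, not how IOS picks ports.

```python
import ipaddress

# Assumptions: the inside network is the one from the thread; OUTSIDE_IP is a
# documentation-range placeholder; the port pool start is arbitrary.
INSIDE_NET = ipaddress.ip_network("10.68.20.0/24")   # what access-list 1 permits
OUTSIDE_IP = "192.0.2.1"                              # stands in for Ethernet0/1


class PatRouter:
    """Toy model of 'ip nat inside source list 1 interface Ethernet0/1 overload'."""

    def __init__(self, first_port=1024):
        self.next_port = first_port
        self.out_map = {}   # (inside_ip, inside_port) -> outside_port
        self.in_map = {}    # outside_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Translate an inside-to-outside flow; None means the list did not permit it."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return None                      # source not matched, so not translated
        key = (src_ip, src_port)
        if key not in self.out_map:          # first packet of a flow: allocate a port
            if self.next_port > 65535:
                raise RuntimeError("port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (OUTSIDE_IP, self.out_map[key])

    def inbound(self, dst_port):
        """Map a packet sent to OUTSIDE_IP:dst_port back to an inside host, if any."""
        return self.in_map.get(dst_port)     # None: no translation entry exists


def demo():
    r = PatRouter()
    a = r.outbound("10.68.20.27", 40000)
    b = r.outbound("10.68.20.99", 40000)      # same source port, different host
    again = r.outbound("10.68.20.27", 40000)  # existing flow reuses its entry
    denied = r.outbound("10.68.30.5", 40000)  # outside 10.68.20.0/24
    return a, b, again, denied, r.inbound(b[1]), r.inbound(23)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

A lookup miss in `inbound` only means no inside host receives the packet. Traffic addressed to the router's own outside address, such as the telnet session mentioned in the question, is not filtered by NAT and needs an access list of its own.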