Cisco Support Community

ACL in NAT

Is it possible to implement ip nat inside or ip nat outside on an interface and at the same time implement ip access-group 5 in/out on the same interface?

I tried this configuration to implement static and dynamic NAT, but when I try to include a more specific ACL that isn't included in the translation, I can never get through, e.g.:

int fa0/0
 ip address 192.168.1.1/24
 ip nat outside
 ip access-group 200 in
 duplex half

int fa0/1
 ip address 172.16.1.1/24
 ip nat inside
 duplex half

access-list 5 deny 172.16.1.2
access-list 5 permit 172.16.0.0 0.0.0.255

ip nat pool limit 192.168.1.1 192.168.1.20 netmask 255.255.255.0
ip nat inside source list 1 pool limit
ip nat inside source static 172.16.1.2 192.168.1.2

access-list 200 permit tcp 10.10.10.10 eq 22 192.168.1.10 eq 22

After I apply this on the interface, the Internet connections of the other translations are blocked to the outside.

1 REPLY

Re: ACL in NAT

Your ACL is correct in that it should refer to the outside (NATed) IP addresses. But your ACL entry refers to one of the NAT pool addresses - it should refer to a static NAT.
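
Added example, not part of the original post or reply: list 200 rewritten along the lines of the reply, as IOS configuration. It assumes the intent is SSH from 10.10.10.10 to the statically translated host (global address 192.168.1.2) and that inside hosts only need replies to TCP sessions they open; the `established` and `log` entries are additions made under those assumptions.

```cisco
! Inbound packets on the "ip nat outside" interface are checked against the
! interface ACL before NAT rewrites the destination, so list 200 has to match
! global (translated) addresses, never the 172.16.1.x inside addresses.
!
! Entry as posted, for comparison: it matches source port 22 (an SSH client
! normally connects from a high ephemeral port) and a destination taken from
! the dynamic pool. Nothing else is permitted, so the implicit deny at the end
! of the list drops the replies to every other translation.
!   access-list 200 permit tcp 10.10.10.10 eq 22 192.168.1.10 eq 22
!
no access-list 200
!
! SSH from the outside host to the global address of the static translation
! (ip nat inside source static 172.16.1.2 192.168.1.2).
access-list 200 permit tcp host 10.10.10.10 host 192.168.1.2 eq 22
!
! Assumption: return traffic for TCP sessions opened from the inside should
! pass. "established" matches segments with ACK or RST set, addressed here to
! the global range used by the pool. UDP and ICMP replies (DNS, ping) are not
! covered by this line and would need their own entries.
access-list 200 permit tcp any 192.168.1.0 0.0.0.255 established
!
! Make the final deny explicit and logged so dropped traffic is visible.
access-list 200 deny ip any any log
!
interface FastEthernet0/0
 ip nat outside
 ip access-group 200 in
!
! Checks after applying:
!   show access-lists 200          (per-entry match counters)
!   show ip nat translations       (inside local / inside global pairs)
```

Rising counters on the logged deny entry in `show access-lists 200` show which traffic still needs an explicit permit.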
