Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and Access-lists

Question:

When creating an inbound access list on a serial port connected to the Internet that is performing NAT (Serial is the NAT Outside interface), which IP address should be specified in permit statements, the internal Inside local (i.e 10.1.1.x) or the Inside global or public address of the translation?

For example:

access-list 105 permit tcp any eq 80 10.1.1.0 0.0.0.255

or

access-list 105 permit tcp any eq 80 xxx.xxx.xxx.0 0.0.0.255

(where xxx.xxx.xxx is the range of public ip addresses?)

Any help would be appreciated!!

1 REPLY
New Member

Re: NAT and Access-lists

Your inbound access-list should refer to the public IP addresses.

89
Views
0
Helpful
1
Replies