
NAT vs ACL

Hello.

I am setting up a Barracuda VPN. Please take a look at the requirements and my config. Is this the best way to handle this task? Thanks

These are the ports on the appliance that need access.  It also states the GRE (IP protocol 47) In/Out direction must be allowed for PPTP to function.

Capture.JPG

I used static NAT configuration to enable this...here is a screen shot of the CCP

Capture2.JPG

However, when I look at my config, I don't see the outside to inside rules...is this because all outgoing traffic is already permitted by ACL 1?

interface GigabitEthernet0/0
 description $ETH-WAN$
 ip ddns update DYNDNS
 ip address dhcp client-id GigabitEthernet0/0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.4 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 192.168.1.111 4125 interface GigabitEthernet0/0 4125
ip nat inside source static tcp 192.168.1.111 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.111 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.1.106 90 interface GigabitEthernet0/0 90
ip nat inside source static tcp 192.168.1.106 3660 interface GigabitEthernet0/0 3660
ip nat inside source static tcp 192.168.1.106 3663 interface GigabitEthernet0/0 3663
ip nat inside source static tcp 192.168.1.106 4665 interface GigabitEthernet0/0 4665
ip nat inside source static tcp 192.168.1.4 22 interface GigabitEthernet0/0 22
ip nat inside source static tcp 192.168.1.4 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 192.168.1.4 53 interface GigabitEthernet0/0 53
ip nat inside source static udp 192.168.1.4 53 interface GigabitEthernet0/0 53
ip nat inside source static udp 192.168.1.4 123 interface GigabitEthernet0/0 123
ip nat inside source static tcp 192.168.1.4 389 interface GigabitEthernet0/0 389
ip nat inside source static udp 192.168.1.4 500 interface GigabitEthernet0/0 500
ip nat inside source static tcp 192.168.1.4 636 interface GigabitEthernet0/0 636
ip nat inside source static tcp 192.168.1.4 1723 interface GigabitEthernet0/0 1723
ip nat inside source static udp 192.168.1.4 4500 interface GigabitEthernet0/0 4500
!
ip radius source-interface GigabitEthernet0/1
logging trap debugging
logging 192.168.1.113
access-list 1 remark INSIDE_IF=GigabitEthernet0/1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255

Thanks for taking a look

Best Regards, Roger
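
Added example, not part of the original post and not Cisco tooling: a small Python audit of a configuration like the one above that lists each static NAT forward, reports ACLs referenced only by the NAT overload rule (here ACL 1, which selects sources to translate rather than filtering traffic), and flags forwards whose interface has no inbound `ip access-group`. The sample text is a trimmed, constructed copy of the posted config; the script only checks whether an inbound ACL is bound, not what it permits, and does not look at other filtering features.

```python
import re

# Constructed sample: a trimmed copy of the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address dhcp client-id GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet0/1
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.111 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.4 1723 interface GigabitEthernet0/0 1723
ip nat inside source static udp 192.168.1.4 500 interface GigabitEthernet0/0 500
access-list 1 permit 192.168.1.0 0.0.0.255
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
PAT = re.compile(r"ip nat inside source list (\S+) interface \S+ overload$")
GROUP = re.compile(r"ip access-group (\S+) (in|out)$")

def audit(config):
    """Summarise what the NAT lines expose and which ACLs actually filter traffic."""
    forwards, nat_acls, bound, iface = [], set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split()[1]          # entering an interface block
        elif line == "!":
            iface = None                     # "!" closes the block in this dump
        elif iface and (m := GROUP.match(line)):
            bound.setdefault(iface, []).append(m.groups())   # ACL used as a filter
        elif m := STATIC.match(line):
            proto, host, _lport, ifc, gport = m.groups()
            forwards.append((proto, int(gport), host, ifc))
        elif m := PAT.match(line):
            nat_acls.add(m.group(1))         # ACL only selects sources to translate
    filtering = {name for acls in bound.values() for name, _ in acls}
    # A forward is "unfiltered" when no inbound ACL is bound to its interface.
    unfiltered = [f for f in forwards
                  if not any(d == "in" for _, d in bound.get(f[3], []))]
    return {"forwards": forwards, "nat_only_acls": sorted(nat_acls - filtering),
            "unfiltered": unfiltered}

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("ACLs used only by NAT:", report["nat_only_acls"])
    for proto, port, host, ifc in report["unfiltered"]:
        print(f"{ifc} {proto}/{port} -> {host}: no inbound ACL bound")
```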
