Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Green

pat on ios

IOS newbie here trying to pat inside hosts to the address on e1/0.

I'm sure there's not much to it, any help would be great. Thanks everyone.

9 REPLIES

Re: pat on ios

R1(config)#ip nat inside source list 100 interface e1/0 overload

R1(config)#access-list 100 permit ip any any

R1(config)#int e1/0

R1(config-if)#ip nat outside

R1(config-if)#int e0/0

R1(config-if)#ip nat inside

Am sure you know if you want to be specific about the inside network to be NATted then change the access list accordingly.

HTH

Sundar

Green

Re: pat on ios

Thanks, so this is really how it is. Would it still be the same. Should e1/0 be "ip nat outside"?

Hosts inside FastEthernet0/0 are going out through e1/0.

Re: pat on ios

Oops sorry e1/0 should be outside. I corrected my previous post to reflect that.

You are correct. This is the IOS equivalent of the PIX global (outside) 1 interface command.

HTH

Sundar

Green

Re: pat on ios

No problems, I figured it was just a typo.

Hall of Fame Super Blue

Re: pat on ios

Hi Adam

If inside hosts are 192.168.1.0 255.255.255.0 and assuming they connect on e0/0 interface

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface e1/0 overload

interface e0/0

ip nat inside

interface e1/0

ip nat outside

HTH

Jon

Green

Re: pat on ios

Thanks guys...

I had

access-list 1 permit 0.0.0.0

and it didn't work?

Re: pat on ios

Adam,

I believe you need to use an extended access list for NAT in IOS. Although I may have seen it work with a standard access list.

Glad you got it to work :-)

HTH

Sundar

Hall of Fame Super Blue

Re: pat on ios

Hi Sundar

You can use a normal access-list with NAT on IOS. Extended access-lists are useful if you want to do policy NAT.

Jon

Re: pat on ios

Jon,

I thought so but I wasn't positive about it.

Apparently the reason why the standard ACL Adam using wasn't working is because it was showing as 'host 0.0.0.0' rather than 'any'.

HTH

Sundar

104
Views
20
Helpful
9
Replies
CreatePlease to create content