pat on ios

acomiskey · ‎07-25-2007

IOS newbie here trying to pat inside hosts to the address on e1/0.

I'm sure there's not much to it, any help would be great. Thanks everyone.

sundar.palaniappan · ‎07-25-2007

R1(config)#ip nat inside source list 100 interface e1/0 overload

R1(config)#access-list 100 permit ip any any

R1(config)#int e1/0

R1(config-if)#ip nat outside

R1(config-if)#int e0/0

R1(config-if)#ip nat inside

Am sure you know if you want to be specific about the inside network to be NATted then change the access list accordingly.

HTH

Sundar

acomiskey · ‎07-25-2007

Thanks, so this is really how it is. Would it still be the same. Should e1/0 be "ip nat outside"?

Hosts inside FastEthernet0/0 are going out through e1/0.

sundar.palaniappan · ‎07-25-2007

Oops sorry e1/0 should be outside. I corrected my previous post to reflect that.

You are correct. This is the IOS equivalent of the PIX global (outside) 1 interface command.

HTH

Sundar

acomiskey · ‎07-25-2007

No problems, I figured it was just a typo.

Jon Marshall · ‎07-25-2007

Hi Adam

If inside hosts are 192.168.1.0 255.255.255.0 and assuming they connect on e0/0 interface

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface e1/0 overload

interface e0/0

ip nat inside

interface e1/0

ip nat outside

HTH

Jon

acomiskey · ‎07-25-2007

Thanks guys...

I had

access-list 1 permit 0.0.0.0

and it didn't work?

sundar.palaniappan · ‎07-25-2007

Adam,

I believe you need to use an extended access list for NAT in IOS. Although I may have seen it work with a standard access list.

Glad you got it to work :-)

HTH

Sundar

Jon Marshall · ‎07-25-2007

Hi Sundar

You can use a normal access-list with NAT on IOS. Extended access-lists are useful if you want to do policy NAT.

Jon

sundar.palaniappan · ‎07-25-2007

Jon,

I thought so but I wasn't positive about it.

Apparently the reason why the standard ACL Adam using wasn't working is because it was showing as 'host 0.0.0.0' rather than 'any'.

HTH

Sundar