Help with this NAT and ACL
yrwins
Member Posts: 81
in CCNA & CCENT
access-list 1 deny host 192.168.0.25
> Deny a host, OK: 192.168.0.25
access-list 1 permit 192.168.0.0 0.0.0.255
> Permit this network, OK: 192.168.0.x
ip nat inside source static 192.168.0.25 24.1.1.2
> What is this (24.1.1.2)? Is the host not denied by the first command?
ip nat pool MYPOOL 24.1.1.3 24.1.1.6 netmask 255.255.255.0
> Pool of 3 IP addresses, OK.
ip nat inside source list 1 pool MYPOOL overload
> It's a PAT, OK
interface e0
ip nat inside
interface S0
ip nat outside
Comments
GDaines Member Posts: 273
It makes more sense if you put a blank line between the first two lines in which you create the access list, the next three lines in which you configure NAT/PAT, and the last four lines in which you enable NAT/PAT on the interfaces.
LINE 3: 192.168.0.25 internal client will ALWAYS be given and appear to the outside world as 24.1.1.2
LINE 5: The rest of the internal clients on the 192.168.0.x network, if not blocked by the applied access list, will share 3 external IP addresses for their internet access.
Client 0.25 is already getting Internet access with its own static external IP *before* the access list is applied and blocks it from getting Internet access via PAT using the 3 shared external IP addresses.
Hope that makes some sense.
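
The behaviour described in the reply above, as an added example that is not part of the thread: a small Python model of how access list 1 is evaluated (wildcard mask, first match, implicit deny) and how the static entry is chosen before the list-based PAT rule. The function names are hypothetical and the model assumes standard IOS behaviour: the list only selects traffic for dynamic translation, and a source it does not permit is forwarded untranslated.

```python
import ipaddress

# Constructed model of the configuration in the post. 24.1.1.2 is the static
# outside address named in the thread; function names are hypothetical.
ACL_1 = [
    ("deny",   "192.168.0.25", "0.0.0.0"),    # "host" is shorthand for wildcard 0.0.0.0
    ("permit", "192.168.0.0",  "0.0.0.255"),
]
STATIC_NAT = {"192.168.0.25": "24.1.1.2"}
POOL = ("24.1.1.3", "24.1.1.6")               # MYPOOL first and last address


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl, addr):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"


def translate(src):
    """Return (rule, outside address) for a packet arriving on the inside interface."""
    # Assumption: a static entry is matched before any list-based rule.
    if src in STATIC_NAT:
        return ("static", STATIC_NAT[src])
    # The list selects which sources may use the overloaded pool (PAT).
    if acl_action(ACL_1, src) == "permit":
        return ("pat", POOL)
    # Not selected for NAT: the packet is not filtered, only left untranslated.
    return ("none", src)


if __name__ == "__main__":
    # Constructed sample sources: the static host, another LAN host, an outsider.
    for host in ("192.168.0.25", "192.168.0.10", "10.0.0.5"):
        print(host, "acl:", acl_action(ACL_1, host), "nat:", translate(host))
```

Running it shows 192.168.0.25 denied by the list yet still translated to 24.1.1.2, which is why the deny line only keeps that host out of the shared pool.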