Options
2 outside NAT Interferances.
DANMOH009
Member Posts: 241
in CCNA & CCENT
Was wondering I have a router with 4 interfaces 2 route to local LANs and 2 route to external IPs (Servers)
I am playing around with ACL and Nat in PT as was wondering whether or not you can have 2 outside interfaces, i read somewhere there should only be one,
I have attached my running config below, just in case anyone needs it. Again this is done in PT so dont worry bout the IP address's
!
hostname R1
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 198.0.0.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 199.0.0.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat pool NONS 199.0.0.1 199.0.0.4 netmask 255.255.255.248
ip nat pool SERVER 198.0.0.1 198.0.0.5 netmask 255.255.255.248
ip nat inside source list 10 pool SERVER overload
ip nat inside source list 101 pool NONS overload
ip classless
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp host 192.168.2.10 host 199.0.0.2 eq www
access-list 101 deny tcp host 192.168.1.10 host 199.0.0.1 eq www
access-list 101 permit ip host 192.168.2.10 host 199.0.0.2
access-list 101 permit ip host 192.168.1.10 host 199.0.0.2
access-list 101 permit tcp host 192.168.2.100 host 199.0.0.2 eq www
access-list 101 permit tcp host 192.168.1.100 host 199.0.0.2 eq www
!
!
!
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
login
!
!
!
end
Any help would be great.
Cheers
I am playing around with ACL and Nat in PT as was wondering whether or not you can have 2 outside interfaces, i read somewhere there should only be one,
I have attached my running config below, just in case anyone needs it. Again this is done in PT so dont worry bout the IP address's
!
hostname R1
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 198.0.0.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 199.0.0.1 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat pool NONS 199.0.0.1 199.0.0.4 netmask 255.255.255.248
ip nat pool SERVER 198.0.0.1 198.0.0.5 netmask 255.255.255.248
ip nat inside source list 10 pool SERVER overload
ip nat inside source list 101 pool NONS overload
ip classless
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp host 192.168.2.10 host 199.0.0.2 eq www
access-list 101 deny tcp host 192.168.1.10 host 199.0.0.1 eq www
access-list 101 permit ip host 192.168.2.10 host 199.0.0.2
access-list 101 permit ip host 192.168.1.10 host 199.0.0.2
access-list 101 permit tcp host 192.168.2.100 host 199.0.0.2 eq www
access-list 101 permit tcp host 192.168.1.100 host 199.0.0.2 eq www
!
!
!
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
login
!
!
!
end
Any help would be great.
Cheers