help on with this NAT and ACL

yrwinsyrwins Member Posts: 81 ■■□□□□□□□□
access-list 1 deny host
> DENY a Host, OK
access-list 1 permit
> Permit this network OK, 192.168.0.x
ip nat inside source static
> what it's this ( the Host it's not DENY? from the first comand?
ip nat pool MYPOOL netmask ----> Pool of 3 IP address OK.
ip nat inside source list 1 pool MYPOOL overload
> it's a PAT OK
interface e0
ip nat inside
interface S0
ip nat ouside


  • GDainesGDaines Member Posts: 273 ■■■□□□□□□□
    It makes more sense if you put a blank line between the first two lines in which you create the access list, the next three lines in which you configure NAT/PAT, and the last four lines in which you enable NAT/PAT on the interfaces.

    LINE 3: internal client will ALWAYS be given and appear to the outside world as
    LINE 5: The rest of the internal clients on the 192.168.0.x network, if not blocked by the applied access list, will share 3 external IP addresses for their internet access.

    Client 0.25 is already getting Internet access with it's own static external IP *before* the access list is applied and blocks it from getting Internet access via PAT using the 3 shared external IP addresses.

    Hope that makes some sense.
Sign In or Register to comment.