Cisco 1600 Series Router NAT Config - Page 2

Thread: Cisco 1600 Series Router NAT Config

  1. #11
    Member
    Join Date
    Jun 2002
    Posts
    44
    NAT is very simple to configure.

    Requirements

    1 ip nat inside - under an interface (usually the inside ethernet interface)

    2 ip nat outside - under an interface (usually the outside serial or ethernet interface)

    3 access-list 10 permit 192.168.1.0 0.0.0.255 - an access list to permit your internal network IPs to use NAT. Configure this as your internal IP addresses.

    4 ip nat inside source list 10 interface (outside interface) - let's say you don't want to waste IP addresses, so you are going to use PAT. This will have all your internal IPs use the outside interface address to route on the internet.

    Here's an example:


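    interface ethernet0
     ! /24 mask assumed, matching access-list 8 below
     ip address 192.168.10.1 255.255.255.0
     ip nat inside
    !
    interface ethernet1
     ! mask not given in the post; /24 assumed
     ip address 216.54.100.1 255.255.255.0
     ip nat outside
    !
    ip nat inside source list 8 interface ethernet1
    access-list 8 permit 192.168.10.0 0.0.0.255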
    Os1LaYr5

  2. #12
    Junior Member
    Join Date
    Aug 2003
    Posts
    11
    os1,

    Thank you for that simple breakdown. I think that more than anything I get caught up in the numbers, and confuse myself beyond what I think I need to be. Taking that example one step further, is it wise to do any type of port forwarding (i.e., 'conduit permit tcp [port] any any') type of commands in a router configuration, or is that better left for a separate firewall configuration, OR am I being a complete id10t and those are apples and oranges?

    Thank you for your enlightenment, appreciate your time

    -java

  3. #13
    Member
    Join Date
    Jun 2002
    Posts
    44
    Conduit statements are only in firewalls. You won't have to put conduit statements in your router. Port forwarding means that when someone connects to a particular port, they are forwarded to a different port. For example, if someone connects to port 21 but the FTP server is on port 4000, you would have a command that states that any FTP connections on port 21 forward to port 4000.
    What you are looking at are maybe static NAT statements as well. If you have a server on the inside network that people from the outside network need to access, you can do 1 of 2 things.

    1. Configure a static NAT statement (this opens all ports to the server and is not very secure)

    ip nat inside source static localipaddress publicipaddress

    The other thing you can do is open the ports that the public need to access. My example is a website.

    ip nat inside source static tcp 10.0.0.10 80 64.242.183.10 80

    The 10.0.0.10 is the actual IP address of the server, the 80 is port 80 for a web site, and the 64.242.183.10 is the IP address that the internet uses to connect to the web server.
    Os1LaYr5
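
A check for the distinction drawn in post #13, added here as an example (not code from the thread or from Cisco): a Python pass over a router configuration that separates whole-host static NAT entries, which expose every port, from single-port entries, and notes where the outside port differs from the inside one. The sample configuration is constructed; 10.0.0.20, 10.0.0.30 and 64.242.183.11 are made-up addresses and the function names are hypothetical.

```python
import ipaddress

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
interface Ethernet1
 ip nat outside
!
ip nat inside source list 8 interface Ethernet1 overload
ip nat inside source static 10.0.0.20 64.242.183.11
ip nat inside source static tcp 10.0.0.10 80 64.242.183.10 80
ip nat inside source static tcp 10.0.0.30 4000 64.242.183.10 21
access-list 8 permit 10.0.0.0 0.0.0.255
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_static_nat(config_text):
    """Classify each 'ip nat inside source static' line by what it exposes."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue  # dynamic NAT/PAT and unrelated lines are ignored
        args = tokens[5:]
        if (len(args) >= 5 and args[0] in ("tcp", "udp")
                and _is_ip(args[1]) and _is_ip(args[3])):
            proto, lip, lport, gip, gport = args[:5]
            findings.append({"line": lineno, "exposure": "single-port",
                             "proto": proto, "inside": f"{lip}:{lport}",
                             "outside": f"{gip}:{gport}",
                             "port_redirect": lport != gport})
        elif len(args) >= 2 and _is_ip(args[0]) and _is_ip(args[1]):
            # One-to-one translation: every port on the host is reachable.
            findings.append({"line": lineno, "exposure": "all-ports",
                             "proto": "any", "inside": args[0],
                             "outside": args[1], "port_redirect": False})
    return findings

def all_port_exposures(config_text):
    return [f for f in audit_static_nat(config_text) if f["exposure"] == "all-ports"]

if __name__ == "__main__":
    for f in audit_static_nat(SAMPLE_CONFIG):
        flag = "REVIEW" if f["exposure"] == "all-ports" else "ok"
        print(f"line {f['line']}: {f['outside']} -> {f['inside']} [{f['exposure']}] {flag}")
```
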
