Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13
  1. #11
    Join Date
    Jun 2002
    Nat is very simple you configure.


    1 ip nat inside - under an interface (usually the inside ethernet interface)

    2 ip nat outside - under an interface (usually the outside serial or ethernet interface)

    3 access-list 10 permit - an access list to permit your internal network ips to use nat. configure this as your internal ip addresses

    4 ip nat inside source list 10 interface (outside interface) - lets say you dont want to waste ip addresses you are going to use PAT. this will have all your internal ips use the outside interface address to route on the internet.

    heres an example

    ip address
    ip nat inside

    ip address
    ip nat outside

    ip nat inside source list 8 interface ethernet1
    access-list 8 permit

  2. #12
    Junior Member
    Join Date
    Aug 2003

    thank you for that simple breakdown, i think that more than anything i get caught up in the numbers, and confuse myself beyond what i think i need to be. taking that example one step further, is it wise to do any type of port forwarding (ie, 'conduit permit tcp [port] any any') type of commands in a Router configuration or is that better left for a separate firewall configuration, OR am i being a complete id10t and those are apples and oranges?

    thank you for your enlightment, appreciate your time


  3. #13
    Join Date
    Jun 2002
    conduit statements are only in firewalls. you wont have to put conduit statements in your router. port forwarding means that say when someone connects to a particular port they are forwarded to a different port. an example if someone connects to port 21 but the ftp server is port 4000 you would have a command that states any ftp connections on port 21 forward to port 4000
    what you are looking at are maybe static nat statements as well. if you have a server on the inside network that people from the outside network need to access you can do 1 of 2 things.

    1. configure a static nat statment ( this opens all ports to the server and is not very secure)

    ip nat inside source static localipaddress publicipaddress

    the other thing you can do is open the ports that the public need to access. my example is a website

    ip nat inside source static tcp 80 80

    the is the actual ip address of the server. the 80 is port 80 for a web site and the is the ip address that the internet uses to connect to the web server.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.