Tuesday, 8 November 2016

ACL Placement with NAT



Router1:

interface GigabitEthernet0/0
ip address 172.17.1.1 255.255.0.0
ip nat inside

interface GigabitEthernet0/1
ip address 193.1.1.1 255.255.255.0
ip access-group sith out
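! Note: an ACL placed here does not work with the present NAT configuration
! on the same router. For inside-to-outside traffic, NAT runs before the
! outbound ACL is checked, so the 172.17.x.x sources in "sith" have already
! been translated to 193.1.1.10. Either move the ACL to int g0/0 or remove NAT.
ip nat outside

router rip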
version 2
network 172.17.0.0
network 193.1.1.0
no auto-summary
!
ip nat pool jedi 193.1.1.10 193.1.1.10 netmask 255.255.255.0
ip nat inside source list 10 pool jedi overload
ip classless
!
access-list 10 permit 172.17.0.0 0.0.255.255
ip access-list extended sith
deny tcp 172.17.1.64 0.0.0.63 host 193.1.1.100 eq www
deny tcp 172.17.1.0 0.0.0.15 host 193.1.1.100 range 20 ftp
deny udp host 172.17.1.192 193.1.1.0 0.0.0.255 eq domain
permit ip any any


Router2 (on left):
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat inside
interface GigabitEthernet0/1
ip address 193.1.1.2 255.255.255.0
ip nat outside 

router rip
version 2
network 192.168.3.0
network 193.1.1.0
no auto-summary
!
ip nat inside source static 192.168.3.2 193.1.1.100
ip nat inside source static 192.168.3.3 193.1.1.111
ip nat inside source static 192.168.3.4 193.1.1.122
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.2
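
Why the outbound ACL on g0/1 never matches, as an added example that is not part of the original post: a small Python model of Router1's inside-to-outside path, in which NAT rewrites the source before the outbound ACL is checked. The function names and the sample packets are constructed for illustration, and it assumes the relocated ACL is applied inbound on g0/0.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
# ACL "sith" from Router1: (action, proto, src, dst, first dst port, last dst port)
SITH = [
    ("deny", "tcp", ("172.17.1.64", "0.0.0.63"), ("193.1.1.100", "0.0.0.0"), 80, 80),
    ("deny", "tcp", ("172.17.1.0", "0.0.0.15"), ("193.1.1.100", "0.0.0.0"), 20, 21),
    ("deny", "udp", ("172.17.1.192", "0.0.0.0"), ("193.1.1.0", "0.0.0.255"), 53, 53),
    ("permit", "ip", ANY, ANY, 0, 65535),
]

def acl_sith(pkt):
    for action, proto, src, dst, lo, hi in SITH:
        if (proto in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *src)
                and wild_match(pkt["dst"], *dst)
                and lo <= pkt["dport"] <= hi):
            return action
    return "deny"  # implicit deny at the end of every ACL

def nat_inside_to_outside(pkt):
    # ip nat inside source list 10 pool jedi overload:
    # sources in 172.17.0.0 0.0.255.255 leave as 193.1.1.10.
    # (PAT may also rewrite the source port; sith only tests destination ports.)
    if wild_match(pkt["src"], "172.17.0.0", "0.0.255.255"):
        return dict(pkt, src="193.1.1.10")
    return pkt

def verdict_acl_out_g0_1(pkt):
    # Placement from the post: the outbound ACL sees the translated packet.
    return acl_sith(nat_inside_to_outside(pkt))

def verdict_acl_in_g0_0(pkt):
    # Assumed fix: ACL inbound on the inside interface, checked before NAT.
    return acl_sith(pkt)

# Constructed sample packets, one per deny entry plus one that should pass.
WEB = {"proto": "tcp", "src": "172.17.1.70", "dst": "193.1.1.100", "dport": 80}
FTP = {"proto": "tcp", "src": "172.17.1.5", "dst": "193.1.1.100", "dport": 21}
DNS = {"proto": "udp", "src": "172.17.1.192", "dst": "193.1.1.100", "dport": 53}
OK = {"proto": "tcp", "src": "172.17.1.200", "dst": "193.1.1.100", "dport": 80}
```

With the ACL outbound on g0/1 all four packets fall through to `permit ip any any`; with it inbound on g0/0 the first three are denied and only the last is permitted.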



