Here is a working configuration right here to host a webserver on dsl link and how to do static nat overload. Allow multiple private ip addresses on the inside to net to one ip address on the outside. Using 2949 out of 7506 bytes ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname CiscoFW ! logging buffered 4096 debugging enable secret password XXXXXXXXXXXX ! username XXXXXXXXXX ip subnet-zero no ip source-route no ip finger ip name-server XXXXXXXXXXXX ! ! ! interface Ethernet0 description Local Lan bandwidth 10000 ip address XXXXXXXXXXXXXXX XXXXXXXXXXXX no ip directed-broadcast ip nat inside media-type 10BaseT fair-queue 64 256 0 no cdp enable ! interface Ethernet1 description Speakeasy Dsl 1.5/384 bandwidth 10000 ip address XXXXXXXXXXXXXX XXXXXXXXXXXXXXXX ip access-group 101 in no ip directed-broadcast ip nat outside fair-queue 64 256 0 no cdp enable ! interface Serial0 no ip address no ip directed-broadcast shutdown no fair-queue no cdp enable ! ip nat pool speakeasy your assigned ip here space assigned ip here again netmask 255.255.255.0 ip nat inside source list 1 pool speakeasy overload ip nat inside source static tcp LAN IP ADDRESS 80 WAN IP ADDRESS 80 extendable(this is how you host a web server on dsl a static nat entry) ip classless ip route 0.0.0.0 0.0.0.0 your assigned default gateway goes here ! logging trap debugging logging XXXXXXXXXXXXXX access-list 1 permit Local lan subnet here access-list 10 permit Local lan subnet here log ! line con 0 transport input none line vty 0 4 access-class 10 in password XXXXXXX login ! sntp server XXXXXXXXXX scheduler interval 500 end CiscoFW# -----Original Message----- From: Daniel Cotts [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 12, 2001 2:19 PM To: [EMAIL PROTECTED] Subject: NAT with one address WAS RE: Passing IPSEC packets on DSL [7:361] Yes. Quoting from: http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp. htm As a convenience for users wishing to translate all inside addresses to the address assigned to an interface on the router, the NAT code allows one to simply name the interface when configuring the dynamic translation rule: ip nat inside source list interface overload If there is no address on the interface, or it the interface is not up, no translation will occur. Example: ip nat inside source list 1 interface Serial0 overload There are other examples on CCO. They have recently rearranged the pages and I can't find them. > -----Original Message----- > From: Hire, Ejay [mailto:[EMAIL PROTECTED]] > Sent: Thursday, April 12, 2001 12:13 PM > To: [EMAIL PROTECTED] > Subject: RE: Passing IPSEC packets on DSL [7:321] > > > Is there any way to do NAT on a PIX or a Cisco router if you > only have one > usable IP address? I perused CCO, and the most minimalistic > NAT/PAT config > I can find still requires 2 (1 interface, one global) addresses. The > Linksys/Netgear jobbies do it with one IP. > > i.e. > > ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2 > 255.255.255.252) Router - Internal network. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=369&t=369 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]