Hi Stephen,
If you want to know more about NAT (Technical Tips), check out this link;
this one has all your answers, hopefully.
http://www.cisco.com/warp/public/556/index.shtml

Fahim

""Stephen Hoover""  wrote in message
news:[EMAIL PROTECTED]...
> All,
>
>    I need to set up my first real NAT statement (as opposed to just a PAT
> statement) and I need some help with the Access List config.
>
>    I have a T1 with 6 public IPs, with all my users nat'ing through the
> last 2 IPs with an ip nat pool/source list statement. The list basically
> blocks outgoing kazaa, netbios, and morpheus. I have my email server pat'd
> to another IP higher in the list and the problem I am running into is that
> the mail server uses the same IPs in the nat pool statement when it sends
> mail out - which is causing me reverse lookup headaches. So I want to do a
> true nat statement for the mail server so its sending and receiving IPs
> are the same and I can get a reverse lookup set up for it.
>
>    If I understand IP/TCP/UDP correctly, the client establishes a
> connection to the service port on the remote computer and the remote
> computer in turn establishes a connection to some random port > 1024 on
> the client. Is that correct?
>
>    So the issue for now becomes, how to restrict access to the mail server
> for just 22 (for remote management), 25, 110, and 6169 (a webmail server)
> and still allow the returning nat connections to the clients? This is what
> I picture so far.
>
> access-list 101 permit tcp any (external ip) eq 22
> access-list 101 permit tcp any (external ip) eq 25
> access-list 101 permit tcp any (external ip) eq 110
> access-list 101 permit tcp any (external ip) eq 6169
> access-list 101 deny tcp any any lt 1024
> access-list 101 deny udp any any lt 1024
>
> then I start to get a bit hazy as to the returning nat connections for the
> clients... perhaps
> access-list 101 permit tcp/udp any any range 1025-65535?
>
> I'm assuming also that this will be applied in on the Serial interface.
>
> Any help greatly appreciated!!!
>
> Stephen Hoover
> Dallas, Texas
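
The draft list quoted above can be checked against sample traffic with a small first-match evaluator. This is an added example, not part of either poster's message: it compares the draft's high-port permit with a variant that uses the IOS `established` keyword for return TCP traffic. The addresses, the sample packets and the simplified model (protocol, destination, destination port and TCP flags only) are assumptions of the example.

```python
from dataclasses import dataclass
MAIL = "203.0.113.10"  # constructed stand-in for the mail server's "(external ip)"
POOL = "203.0.113.14"  # constructed stand-in for one NAT pool address
@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags set on the segment

def entry(action, proto, dst="any", lo=0, hi=65535, established=False):
    return (action, proto, dst, lo, hi, established)

def evaluate(acl, pkt):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for action, proto, dst, lo, hi, established in acl:
        if proto != pkt.proto or dst not in ("any", pkt.dst) or not lo <= pkt.dport <= hi:
            continue
        # 'established' matches only TCP segments that carry ACK or RST
        if established and not pkt.flags & {"ACK", "RST"}:
            continue
        return action
    return "deny"

SERVER = [entry("permit", "tcp", MAIL, p, p) for p in (22, 25, 110, 6169)]
# The list as drafted in the message, including the tentative high-port permit.
DRAFT = SERVER + [
    entry("deny", "tcp", hi=1023),               # lt 1024
    entry("deny", "udp", hi=1023),               # lt 1024
    entry("permit", "tcp", lo=1025, hi=65535),   # range 1025-65535
    entry("permit", "udp", lo=1025, hi=65535),
]
# Variant (this example's assumption): match return TCP traffic by its flags.
# UDP has no flags, so 'established' never matches it; it needs its own entries.
VARIANT = SERVER + [entry("permit", "tcp", established=True)]
SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})
SAMPLES = {  # constructed packets arriving inbound on the serial interface
    "new SMTP session to the mail server": Packet("tcp", MAIL, 25, SYN),
    "reply to a client's outbound session": Packet("tcp", POOL, 40000, ACK),
    "unsolicited SYN to a high port": Packet("tcp", POOL, 40000, SYN),
    "unsolicited SYN to mail server port 8080": Packet("tcp", MAIL, 8080, SYN),
}

def compare():
    return {name: (evaluate(DRAFT, p), evaluate(VARIANT, p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:42} draft={verdicts[0]:7} variant={verdicts[1]}")
```

Both lists admit the four server ports and the reply segment; only the draft admits the two unsolicited SYNs, and port 1024 itself matches neither `lt 1024` nor the 1025-65535 range, so it falls to the implicit deny.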




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44593&t=44357
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
