Re: NAT sample configs [7:53042]
Thanks to everyone that helped. Derald John Huston wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The Cisco site has quite a few of them. Please refer to the URL below. http://www.cisco.com/warp/public/556/index.shtml and this URL will help you with other sample configs. http://www.cisco.com/public/technotes/serv_tips.shtml Good Luck Derald Sweatt wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am working on a project on setting up NAT. If anyone has sample configs out there. please let me know. Thanks in advance. Derald Sweatt CSX Technologies CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53232t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT sample configs [7:53042]
The Cisco site has quite a few of them. Please refer to the URL below. http://www.cisco.com/warp/public/556/index.shtml and this URL will help you with other sample configs. http://www.cisco.com/public/technotes/serv_tips.shtml Good Luck Derald Sweatt wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am working on a project on setting up NAT. If anyone has sample configs out there. please let me know. Thanks in advance. Derald Sweatt CSX Technologies CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53101t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT sample configs [7:53042]
John Here is a basic example of NAT with overload using just two interfaces and one public IP address. This is home set up for cable on a 2514 interface Ethernet0 description Cable Modem ip address dhcp ip access-group 199 in no ip redirects no ip unreachables no ip proxy-arp ip nat outside no ip route-cache no ip mroute-cache no cdp enable ! interface Ethernet1 description private inside network ip address 192.168.1.1 255.255.255.0 ip broadcast-address 68.48.210.x ip nat inside no ip route-cache no ip mroute-cache no cdp enable ip access-list 1 permit ip 192.168.1.0 0.0.0.255 ip nat inside source list 1 interface ethernet 0 overload A good start for an access list for perimeter protection would be to prevent spoofing which is to prevent any access through your public interface by spoofed private address range Example is access-list 1 permit 192.168.1.0 0.0.0.255 access-list 199 deny ip host 0.0.0.0 any log access-list 199 deny ip any host 0.0.0.0 log access-list 199 deny ip host 10.1.1.1 any log access-list 199 deny ip 127.0.0.0 0.255.255.255 any log access-list 199 deny ip 169.254.0.0 0.0.255.255 any log access-list 199 deny ip 172.16.0.0 0.15.255.255 any log access-list 199 deny ip 192.168.0.0 0.0.255.255 any log access-list 199 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 log access-list 199 deny ip any 255.255.255.0 0.0.0.255 log access-list 199 permit ip any any Also to forward ftp or web traffic to certain private address you would use a forward list something like this ip nat inside source static tcp 192.168.1.4 80 interface Ethernet0 80 There is bunch of other stuff you can do with access lists to permit or deny certain types of traffic. If you want more examples please let me know. HTH Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53130t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT sample configs [7:53042]
Derald, Please feel free to download my freeware Mentor from my website and use it for this purpose. It takes you step-by-step through NAT (static overload) and much more. Screenshot of the software is also posted there. http://www.networkking.net Bernard I am working on a project on setting up NAT. If anyone has sample configs out there. please let me know. Thanks in advance. Derald Sweatt CSX Technologies CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53133t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT sample configs [7:53042]
I am working on a project on setting up NAT. If anyone has sample configs out there. please let me know. Thanks in advance. Derald Sweatt CSX Technologies CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53042t=53042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]