| FireSword 2003-08-31, 8:28 pm |
| Yes, you do have to set up static NAT (ip nat inside source static 192.168.1.z x.x.x.y) and you have to deny that private IP from participating in dynamic nat. Since you are using list 1 for NAT, you can say:
access-list 1 deny host 192.168.1.z
access-list 1 permit any
and of course, you will want to create another access list to allow outside traffic to that IP address, only on port 80
you will be able to access the server on IP x.x.x.y
"brandon" <brandon.newton@cox.net> wrote in message news:9sr4b.31566$uh6.6457@lakeread05...
Below is a snippet from my config. I wanted to be able to access my webserver from work. Do I need to do a static translation on my outside interface or inside interface. How will I allow out users access to my webservers? The router is a 2514 with IOS 12.1.17.
interface Ethernet
ip address x.x.x.x 255.255.255.192
ip access-group 101 in
ip nat outside
no ip mroute-cache
priority-group 1
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
priority-group 1
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
!
ip default-gateway x.x.x.x
ip nat translation max-entries 10000
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
|