CCNA Teacher
While configuring NAT on a Cisco router, we use the "ip nat inside source" command. I do understand this. But what happens if I use the "ip nat outside source" command? What does this command do?
Basically it changes the source address of packets that are traveling from the outside to the inside, so the opposite of the inside command. It will also change the destination address of packets going in the opposite direction. I've not personally used it; however, its use would stem from when inside addresses overlap with addresses that are on the outside of your network, which comes from, for example, people using public IP ranges on their internal network which have been assigned for use online somewhere else.
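The overlapping-address case the answer describes, written out as an added configuration example (not from the thread or from any particular router). The topology, interface names and addresses are assumptions: an inside LAN on Fa0/0 and a partner network behind Fa0/1 that happens to use the same 10.1.1.0/24 range, with documentation ranges for the translated addresses.

```cisco
! Added example, not from the thread: the overlapping-address case the answer describes.
! Assumed topology: inside LAN 10.1.1.0/24 on Fa0/0; a partner site reached via Fa0/1
! also uses 10.1.1.0/24, so its real (outside global) addresses collide with ours.
! All addresses are constructed documentation ranges.
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
!
! Usual direction: inside host 10.1.1.10 is seen by the outside as 198.51.100.10
ip nat inside source static 10.1.1.10 198.51.100.10
!
! Opposite direction: the outside host 10.1.1.10 (outside global) is presented to
! inside hosts as 192.0.2.10 (outside local). Inside hosts address it as 192.0.2.10;
! the router rewrites source 10.1.1.10 -> 192.0.2.10 on outside-to-inside packets and
! destination 192.0.2.10 -> 10.1.1.10 on inside-to-outside packets.
! add-route installs a host route for 192.0.2.10 toward the outside interface, needed
! because inside-to-outside packets are routed before this translation is applied.
ip nat outside source static 10.1.1.10 192.0.2.10 add-route
!
! Checks (exec mode): show ip nat translations  /  show ip nat statistics
! debug ip nat prints each rewrite while testing; turn it off afterwards.
```

The two static lines together let a host on either side reach its twin on the other side even though both are numbered 10.1.1.10. The thing to watch is the translation table: `show ip nat translations` should list the outside entry with the outside-local address on the left and the real outside address on the right, and inside hosts should only ever see the outside-local address.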
************************
Please look at this scenario:
In this simple scenario we would like to put an ACL on the router by which only PC1 would be allowed to telnet to the router.
To do this,
after creating the ACL with these commands:
Router(config)# ip access-list standard amir
Router(config-std-nacl)# 10 permit host 192.168.10.2
I then apply this ACL on the fa0/0 of the router with these commands:
Router(config)# line vty 0 4
Router(config-line)# ip access-class amir in
But after all these commands, using Packet Tracer as the simulator software, both PCs are able to telnet to the router!! PC0 (192.168.10.1) is not supposed to be able to telnet to the router. So what is wrong with those commands?
If I put that ACL on interface f0/0 instead of the vty lines, using these commands:
Router(config)# int f0/0
Router(config-if)# ip access-group amir in
the scenario works well.
So I don't know whether the problem is related to my commands or to Packet Tracer as a simulator.
******************
Using a number instead of a name for the ACL didn't work out (in fact I had tried that before I wrote this post), but using "deny any" worked out even for a named ACL. The point is that all of these stories and problems just happened in Packet Tracer as a simulator, but you won't face any problem with those commands using GNS3 as an emulator.
************
Use out at the end of your command. And also first configure telnet on the router, then define the access list.
It's not a PT bug! It works fine for me without a deny any at the end of the ACL and applied on the vty line with the access-class command. And I know that it worked fine as far back as v4 and we are on 6.1.1 now.
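The scenario from the question with the pieces it leaves out, as an added configuration example (not taken from the thread or from Packet Tracer). The addresses are the ones the question gives; the password is a placeholder, and the `show` commands are the checks I would run to confirm which sequence line each PC hits.

```cisco
! Added example, not from the thread: the complete vty-only restriction.
! Addresses as in the question: PC1 192.168.10.2 allowed, PC0 192.168.10.1 refused.
! <placeholder-vty-password> is a placeholder, not a value from the thread.
ip access-list standard amir
 10 permit host 192.168.10.2
 20 deny any log
!
! The implicit deny would refuse PC0 anyway; writing it out with log gives a
! hit counter and a syslog line for every refused attempt.
!
line vty 0 4
 login
 password <placeholder-vty-password>
 transport input telnet
 access-class amir in
!
! access-class is the line-mode form of the command; the ip keyword belongs to
! interface ACLs (ip access-group). Verify in exec mode after telnetting from each PC:
!   show access-lists amir   -> sequence 10 increments for PC1, sequence 20 for PC0
!   show users               -> which vty line PC1 holds
```

Applying the same ACL on f0/0 with `ip access-group amir in`, as the question tried, also works but drops every other packet PC0 sends through the router, not only its telnet attempts, which is why the line-level `access-class` is the right place for a management-plane restriction. `transport input telnet` matches the scenario; on an image that supports it, `transport input ssh` keeps the credentials off the wire.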