CCNA: Access-List from Outside to Inside

Hi,

1) This is related to the CCNA Exam (but i want to apply it in a real life situation)
2) This is taken from one of the prep test.
3) Please see the attached file.
4) Tha given question: " What must be configured on the network in order for users on the internet to view web Pages located on the Web Server 2 ?.
5) The given answer: " On Router R1, Configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10
6) My question: i) I agree with the given answer, and i want to write it down the ios command for it , ii) I am still not yet confident related to this and i need the Confirmation or Correction from the experts related to it (Please see my ios commands below).

The IOS commands per my understanding:
R1(config)#interface fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface s0/0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.25 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload

7)Thank you

tjie


ACL-fr-Outside001.jpg
tjieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ahmed Ezzat AbuRayaNetwork Developer EngineerCommented:
I think it is almost correct.. Maybe this is what you need:
Why don't you try experimenting using a simulator like Boson? It's great for CCNA..

R1(config)#interface fa0/0
*R1(config)#ip address 192.168.1.250 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface s0/0/0
*R1(config)#ip address 209.165.100.250 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
*R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.255 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload


Also check this: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

I Hope this helped. I'd be happy to see other comments from other experts :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lrmooreCommented:
The first part is correct, but here I would make changes

no:
R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.25 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload

Yes:
R1(config)#access-list 102 permit ip 192.168.1.0 0.0.0.255 any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload
R1(config)#ip nat inside source tcp 192.168.1.10 80 interface ser0/0/0 80
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
TCP/IP

From novice to tech pro — start learning today.