Solved

CCNA: Access-List from Outside to Inside

Posted on 2009-07-15
2
284 Views
Last Modified: 2012-05-07
Hi,

1) This is related to the CCNA Exam (but i want to apply it in a real life situation)
2) This is taken from one of the prep test.
3) Please see the attached file.
4) Tha given question: " What must be configured on the network in order for users on the internet to view web Pages located on the Web Server 2 ?.
5) The given answer: " On Router R1, Configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10
6) My question: i) I agree with the given answer, and i want to write it down the ios command for it , ii) I am still not yet confident related to this and i need the Confirmation or Correction from the experts related to it (Please see my ios commands below).

The IOS commands per my understanding:
R1(config)#interface fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface s0/0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.25 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload

7)Thank you

tjie


ACL-fr-Outside001.jpg
0
Comment
Question by:tjie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Ahmed Ezzat AbuRaya earned 300 total points
ID: 24865283
I think it is almost correct.. Maybe this is what you need:
Why don't you try experimenting using a simulator like Boson? It's great for CCNA..

R1(config)#interface fa0/0
*R1(config)#ip address 192.168.1.250 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface s0/0/0
*R1(config)#ip address 209.165.100.250 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
*R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.255 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload


Also check this: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

I Hope this helped. I'd be happy to see other comments from other experts :)
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 24865823
The first part is correct, but here I would make changes

no:
R1(config)#access-list 102 permit tcp 209.165.100.0 0.0.0.25 192.168.1.10 0.0.0.0 eq 80
R1(config)#access-list 102 deny any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload

Yes:
R1(config)#access-list 102 permit ip 192.168.1.0 0.0.0.255 any
R1(config)#ip nat inside source list 102 interface s0/0/0 overload
R1(config)#ip nat inside source tcp 192.168.1.10 80 interface ser0/0/0 80
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OSPF - Convergence & Downtime 9 101
HP 2530 switch and routing 4 98
IP Jumping 6 69
Cisco L3 Switch - Show DHCP Server's IP Address for every VLAN 3 13
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question