[c-nsp] PIX NAT 0
Laurent Geyer
lgeyer at 085zehn.com
Wed Nov 1 13:02:45 EST 2006
On 11/1/06, Shakeel Ahmad <shakeelahmad at gmail.com> wrote:
>
> Can anyone explain the following command, as I have found much documentation
> for it:
>
> nat 0 acl/IP Range
>
> My scenario is, I want to limit a few subnets (inside) not to use the
> Internet - but at the very same time I want them to explicitly use the
> public Internet for 1 or 2 IPs only.

Not sure if nat 0 is the way to go for that. Instead, define an access-list
with all the hosts that are permitted to access the Internet and then create
a global translation group for them.

Something like this should work:

object-group network internet_access
 network-object 10.0.0.0 255.255.255.0
 network-object 10.1.0.0 255.255.255.0
 network-object host 10.2.0.10
 network-object host 10.2.0.11

access-list internet_access permit tcp object-group internet_access any

global (outside) 1 (<IP address range> | interface)
nat (inside) 1 access-list internet_access

- Laurent