Router NAT and ACL Configuration for External and Internal Interfaces
This article provides a step‑by‑step configuration example for a router, detailing external and internal interface settings, NAT server and static NAT rules, outbound NAT policies, and corresponding ACLs to control traffic between multiple subnets.
interface GigabitEthernet0/0/0description link_to_ISPip address x.x.x.x x.x.x.xnat server protocol tcp global current-interface 8890 inside 192.168.5.10 443nat server protocol tcp global current-interface 3333 inside 192.168.5.3 telnetnat server protocol tcp global current-interface 8888 inside 192.168.5.2 wwwnat static protocol tcp global current-interface 8000 inside 192.168.2.55 8000 netmask 255.255.255.255nat static protocol tcp global current-interface 8003 inside 192.168.2.55 8003 netmask 255.255.255.255nat static protocol tcp global current-interface 8010 inside 192.168.2.55 8010 netmask 255.255.255.255nat static protocol tcp global current-interface 8880 inside 192.168.2.55 8880 netmask 255.255.255.255nat static protocol tcp global current-interface 3389 inside 192.168.2.51 3389 netmask 255.255.255.255nat static protocol tcp global current-interface 8081 inside 192.168.2.53 8081 netmask 255.255.255.255nat static protocol tcp global current-interface 2700 inside 192.168.2.53 2700 netmask 255.255.255.255nat static protocol tcp global current-interface 2600 inside 192.168.2.53 2600 netmask 255.255.255.255nat static protocol tcp global current-interface 3390 inside 192.168.3.3 3389 netmask 255.255.255.255nat outbound 2001acl number 2001rule 1 permit source 192.168.5.0 0.0.0.255rule 2 permit source 192.168.2.0 0.0.0.255rule 3 permit source 192.168.3.0 0.0.0.255rule 4 permit source 192.168.4.0 0.0.0.255---
interface GigabitEthernet0/0/1description link_to_inside_networkip address 192.168.5.1 255.255.255.0nat server protocol tcp global interface GigabitEthernet0/0/0 8000 inside 192.168.2.55 8000nat server protocol tcp global interface GigabitEthernet0/0/0 8003 inside 192.168.2.55 8003nat server protocol tcp global interface GigabitEthernet0/0/0 8010 inside 192.168.2.55 8010nat server protocol tcp global interface GigabitEthernet0/0/0 8880 inside 192.168.2.55 8880nat outbound 3000acl number 3000rule 20 permit ip source 192.168.2.0 0.0.0.255rule 25 permit ip source 192.168.3.0 0.0.0.255rule 30 permit ip source 192.168.4.0 0.0.0.255rule 35 permit ip source 192.168.5.0 0.0.0.255quit
For further learning and discussion, scan the QR code below to follow the community.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.