Router NAT and ACL Configuration Guide for Campus Network
This article explains how to configure ACLs and NAT on a campus router, including static global NAT, outbound NAT with Easy‑IP, loopback interface setup, and verification steps to ensure internal users can reach the server via the public IP address.
This guide provides step‑by‑step instructions for configuring a router to enable internal hosts to access a campus server using the public IP address 211.1.1.6 through NAT and ACL rules.
1. Router configuration
Define an ACL to permit traffic from the internal subnet to the server:
acl number 3000
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 211.1.1.6 0
Configure the internal interface:
interface GigabitEthernet1/0/0
ip address 192.168.1.1 255.255.255.0
Set up a static global NAT entry so that internal users can reach the server using the public address:
nat static global 211.1.1.6 inside 192.168.1.2 netmask 255.255.255.255
Enable outbound NAT with Easy‑IP to translate the source address of traffic destined for 211.1.1.6 to the router’s external interface address, ensuring all internal‑to‑external traffic passes through the router:
nat outbound 3000
Configure the external interface:
interface GigabitEthernet1/0/1
ip address 202.1.1.1 255.0.0.0
Add another static global NAT entry to allow external users to reach the server:
nat static global 211.1.1.6 inside 192.168.1.2 netmask 255.255.255.255
2. Verify configuration results
After applying the configuration, internal users should be able to access the campus server via the public IP 211.1.1.6. Key verification points include:
Correct ACL definition for the NAT conversion.
Proper Easy‑IP outbound NAT direction.
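The first verification point can be checked offline against a saved configuration. The Python below is an added example, not part of the original guide or of any vendor tool: it confirms that the ACL referenced by nat outbound exists and permits the static NAT global address. The host-only scope check, the function names and the embedded sample (the guide's NAT-related commands) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the NAT-related commands from this guide, grouped by view.
CONFIG = """\
acl number 3000
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 211.1.1.6 0
interface GigabitEthernet1/0/0
 nat static global 211.1.1.6 inside 192.168.1.2 netmask 255.255.255.255
 nat outbound 3000
interface GigabitEthernet1/0/1
 nat static global 211.1.1.6 inside 192.168.1.2 netmask 255.255.255.255
"""

RULE = re.compile(r"rule \d+ permit ip source (\S+) (\S+) destination (\S+) (\S+)")
STATIC = re.compile(r"nat static global (\S+) inside (\S+)")

def to_int(addr):
    # The guide's ACL writes the host wildcard 0.0.0.0 as a bare "0".
    return int(ipaddress.IPv4Address("0.0.0.0" if addr == "0" else addr))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an ACL wildcard (set bits are ignored)."""
    w = to_int(wildcard)
    return (to_int(addr) | w) == (to_int(base) | w)

def check_nat_acl(config):
    """Return a list of findings; empty means the ACL and NAT entries agree."""
    lines = [l.strip() for l in config.splitlines()]
    acls, acl, findings = {}, None, []
    for line in lines:
        if m := re.fullmatch(r"acl number (\d+)", line):
            acl = acls.setdefault(m.group(1), [])
        elif (m := RULE.fullmatch(line)) and acl is not None:
            acl.append(m.groups())
    globals_ = {m.group(1) for l in lines if (m := STATIC.match(l))}
    for line in lines:
        if not (m := re.fullmatch(r"nat outbound (\d+)", line)):
            continue
        num, rules = m.group(1), acls.get(m.group(1), [])
        if not rules:
            findings.append(f"nat outbound {num}: ACL is undefined or empty")
        for g in (sorted(globals_) if rules else []):
            hits = [r for r in rules if wildcard_match(g, r[2], r[3])]
            if not hits:
                findings.append(f"ACL {num} does not permit destination {g}")
            elif any(to_int(r[3]) != 0 for r in hits):
                findings.append(f"ACL {num} translates more than host {g}")
    return findings
```

An empty result for the guide's configuration means the Easy‑IP translation is limited to traffic destined for 211.1.1.6.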
If only a single public IP is allocated, you can configure a loopback interface as the gateway exit and use the following command to create a protocol‑specific static NAT entry:
nat static protocol { tcp | udp } global interface loopback interface-number global-port inside host-address [netmask mask]
This ensures that specific TCP/UDP services are correctly translated while preserving the public IP address.
Finally, confirm that the internal network can reach the server and that external users can access the server using the public IP address.
