I'm trying to set up a new router specifically as a firewall. The 20-dot network is my public subnet. The 10-dot network is my private. The 21-dot network is a WAN link. I need to set up NAT from the 20-dot to the 10-dot network with overload, and an access list to allow all traffic from the 21-dot network, and any internet traffic to my Proxy server which is the 10.1.17.5 address. This configuration is all in theory - I haven't tested it. Can anyone look at this, and point out any errors or potential problems?
Current Configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ExpressPoint
!
ip subnet-zero
!
interface Ethernet0/0
description Connection to Internet Router
ip address 20.146.19.2 255.255.255.0
ip access-group 101 in
ip access-group 101 out
no logging event subif-link-status
ip nat outside
!
interface Ethernet1/0
description Connection to WAN Link
ip address 10.1.16.1 255.255.248.0
no logging event subif-link-status
ip nat inside
!
ip nat pool firewall 20.146.19.11 20.146.19.11 netmask 255.255.255.0
ip nat inside source list nonat pool firewall overload
!
ip nat inside source static 10.1.16.1 20.146.19.5
ip nat inside source static 10.1.16.2 20.146.19.6
ip nat inside source static 10.1.16.3 20.146.19.7
ip nat inside source static 10.1.16.4 20.146.19.8
ip nat inside source static 10.1.16.5 20.146.19.9
ip nat inside source static 10.1.16.6 20.146.19.10
!
ip classless
ip route 0.0.0.0 0.0.0.0 20.146.19.2
ip route 21.0.0.0 255.0.0.0 20.146.19.2
ip route 20.146.19.0 255.255.255.0 10.1.16.1
no ip http server
!
access-list 101 permit tcp host 21.146.19.0 0.0.0.255 10.1.17.5 0.0.0.0
access-list 101 permit udp host 21.146.19.0 0.0.0.255 10.1.17.5 0.0.0.0
access-list 101 permit tcp host 21.0.0.0 0.255.255.255 10.1.0.0 0.0.255.255
access-list 101 permit udp host 21.0.0.0 0.255.255.255 10.1.0.0 0.0.255.255
access-list 101 deny any any
!
route-map nonat permit 100
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end
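An added example, not part of the post: a small Python checker that parses extended ACL entries the way the IOS CLI reads them, flags the two syntax problems in list 101 above (a wildcard mask after `host`, and `deny any any` with no protocol keyword), and then evaluates sample flows against the same rules written in valid syntax. It assumes numbered extended ACL syntax with contiguous wildcard masks; the ACL copies and the sample source addresses are constructed for the example.

```python
import ipaddress

POSTED_ACL = [  # constructed copy of three entries from the post, checked as written
    "access-list 101 permit tcp host 21.146.19.0 0.0.0.255 10.1.17.5 0.0.0.0",
    "access-list 101 permit tcp host 21.0.0.0 0.255.255.255 10.1.0.0 0.0.255.255",
    "access-list 101 deny any any",
]

def parse_addr(toks):
    """Consume one address spec ('any' | 'host A' | 'A WILDCARD'); return (network, rest)."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        if len(toks) > 2 and toks[2].count(".") == 3:  # 'host' takes one address, no wildcard
            raise ValueError(f"wildcard {toks[2]} not allowed after 'host {toks[1]}'")
        return ipaddress.ip_network(toks[1] + "/32"), toks[2:]
    # Invert the wildcard by hand: ipaddress would read a 0.0.0.0 mask as /0, not /32.
    mask = ".".join(str(255 - int(o)) for o in toks[1].split("."))
    return ipaddress.ip_network(f"{toks[0]}/{mask}", strict=False), toks[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST'; ValueError on syntax IOS rejects."""
    toks = line.split()
    if toks[3] not in {"ip", "tcp", "udp", "icmp"}:
        raise ValueError(f"missing protocol keyword: {line}")
    src, rest = parse_addr(toks[4:])
    dst, _ = parse_addr(rest)
    return {"action": toks[2], "proto": toks[3], "src": src, "dst": dst}

def syntax_error(line):
    """Reason the router CLI would reject this entry, or None if it parses."""
    try:
        parse_ace(line)
        return None
    except (ValueError, IndexError) as exc:
        return str(exc)

def evaluate(aces, proto, src, dst):
    """First-match lookup of one flow, ending in the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace["proto"] in ("ip", proto) and s in ace["src"] and d in ace["dst"]:
            return ace["action"]
    return "deny"

FIXED_ACL = [parse_ace(l) for l in [  # same rules in valid syntax (constructed)
    "access-list 101 permit tcp 21.146.19.0 0.0.0.255 host 10.1.17.5",
    "access-list 101 permit tcp 21.0.0.0 0.255.255.255 10.1.0.0 0.0.255.255",
    "access-list 101 deny ip any any",
]]
```

Evaluating a source outside 21.0.0.0/8 against `FIXED_ACL` returns "deny", so nothing in list 101 covers the "any internet traffic to my proxy" requirement as the entries stand. An inbound ACL on the `ip nat outside` interface is also checked before outside-to-inside translation, so it matches the public address of a flow rather than 10.1.17.5.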