

10093 Views 3 Replies Latest reply: Jul 1, 2013 6:18 AM by BRAD


ip nat inside source list

Jun 3, 2011 4:58 AM

Alexandr 2 posts since
Apr 5, 2011

Hello, guys.

I got into a situation that I can't figure out myself.


Let's assume we have a router with two interfaces, with a network behind fa0/0:

fa0/0 - ip nat inside

fa0/1 - ip nat outside


We want to do a simple overloaded NAT:

ip nat inside source list NAT_ACL interface FastEthernet0/1 overload


Let's say I want to give a host permission to ping the outside world and nothing more (ICMP only).

My first idea was to write a permit rule in the NAT_ACL:

permit icmp host any


But it doesn't work and I don't understand why. Can someone give me a clue on this?


permit ip host any

works perfectly fine for both tcp/udp and icmp connections.

  • Sey 1,388 posts since
    May 4, 2010
    1. Jun 3, 2011 5:37 AM (in response to Alexandr)
    Re: ip nat inside source list

    The NAT_ACL is a so-called qualifying access list. It just tells the router what hosts are eligible for natting. You can't use it for filtering. Create another ACL for filtering and apply it to fa0/0 with the (config-if)#access-group command.
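
The split described in the reply above, as an added example that is not part of the original thread: one ACL qualifies traffic for NAT, a second ACL on the inside interface does the filtering. The host address 192.168.1.10 and the ACL name INSIDE_FILTER are assumptions; NAT_ACL and the interface roles come from the question.

```cisco
! Added example, not from the original posts.
! 192.168.1.10 is a constructed host address; INSIDE_FILTER is a hypothetical name.

! 1) Qualifying ACL: only selects which inside sources get translated.
ip access-list extended NAT_ACL
 permit ip host 192.168.1.10 any
!
ip nat inside source list NAT_ACL interface FastEthernet0/1 overload
!
! 2) Filtering ACL: this is the list that limits the host to ICMP.
!    An inbound ACL on the inside interface is evaluated before the
!    inside-to-outside translation, so it matches the real (pre-NAT) address.
ip access-list extended INSIDE_FILTER
 permit icmp host 192.168.1.10 any
 ! Explicit deny with logging so dropped packets show up in the hit counters
 ! and syslog. As written this also drops every other host entering fa0/0;
 ! add permit lines above it for traffic that must still pass.
 deny   ip any any log
!
interface FastEthernet0/0
 ip nat inside
 ip access-group INSIDE_FILTER in
!
interface FastEthernet0/1
 ip nat outside
!
! Verification from exec mode:
!   show ip access-lists INSIDE_FILTER   (per-line match counters)
!   show ip nat translations             (active translation entries)
```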

  • BRAD 35 posts since
    Jul 27, 2012
    3. Jul 1, 2013 6:18 AM (in response to Alexandr)
    Re: ip nat inside source list

    The optional keyword overload enables port translation for UDP and TCP.

