cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor II

Can you nat without the firewall on?

Jump to solution

Can you nat without the firewall on?

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Anonymous
Not applicable

Re: Can you nat without the firewall on?

Jump to solution

travisrigby:

Thank you for asking this question.  You must have the the ip firewall enabled, as well as policy-classes created, and access-control lists (ACLs) to match traffic to be NAT'ed.  Additional information about the firewall and setting up NAT can be found in the IPv4 Firewall Protection in AOS, Configuring T1 Internet Access in AOS, and the video Configuring Internet Access (Many to one NAT) with the Firewall Wizard in AOS.

Here is an example NAT configuration:

ip firewall

!

interface eth 0/1

  ip address 192.168.1.1 255.255.255.0

  access-policy Private

  no shutdown

!

interface ppp 1

  ip address 65.162.109.202 255.255.255.252

  access-policy Public

  no shutdown

  cross-connect 1 t1 1/1 1 ppp 1

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

ip policy-class Private

  nat source list wizard-ics interface ppp 1 overload

!

ip policy-class Public

  ! Implicit discard


Please review the documents above, and let me know if you have any question.


Levi

View solution in original post

3 Replies
Highlighted
Anonymous
Not applicable

Re: Can you nat without the firewall on?

Jump to solution

travisrigby:

Thank you for asking this question.  You must have the the ip firewall enabled, as well as policy-classes created, and access-control lists (ACLs) to match traffic to be NAT'ed.  Additional information about the firewall and setting up NAT can be found in the IPv4 Firewall Protection in AOS, Configuring T1 Internet Access in AOS, and the video Configuring Internet Access (Many to one NAT) with the Firewall Wizard in AOS.

Here is an example NAT configuration:

ip firewall

!

interface eth 0/1

  ip address 192.168.1.1 255.255.255.0

  access-policy Private

  no shutdown

!

interface ppp 1

  ip address 65.162.109.202 255.255.255.252

  access-policy Public

  no shutdown

  cross-connect 1 t1 1/1 1 ppp 1

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

ip policy-class Private

  nat source list wizard-ics interface ppp 1 overload

!

ip policy-class Public

  ! Implicit discard


Please review the documents above, and let me know if you have any question.


Levi

View solution in original post

Highlighted
Anonymous
Not applicable

Re: Can you nat without the firewall on?

Jump to solution

travisrigby:

I have marked this post as "assumed answered," but do not hesitate to reply to this thread if you have further questions on this topic.  I will be happy to help.

Levi

Highlighted
Anonymous
Not applicable

Re: Can you nat without the firewall on?

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor