This is an old revision of the document!
no access-list 1 ! access-list 1 permit host 192.168.X.101 access-list 1 permit host 192.168.X.10 access-list 1 deny any line vty 0 15 ! no login ! for no password access access-class 1 in end
no ip access-list extended ACL_FIREWALL ip access-list extended ACL_FIREWALL permit tcp any host 192.168.X.10 eq 80 permit tcp any host 192.168.X.10 eq 22 permit icmp any 192.168.X.0 0.0.0.255 ! permit tcp any host 172.16.1.X eq 80 ! permit tcp any host 172.16.1.X eq 22 ! permit icmp any host 172.16.1.X permit udp any any permit tcp any any established deny ip any any log interface FastEthernet1/1 ip access-group ACL_FIREWALL in end
ip access-list standard ACL_NAT permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 deny any ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable interface FastEthernet1/0 ip nat inside interface FastEthernet1/1 ip nat outside
router# show ip nat tr router# clear ip nat tr *
ip access-list extended ACL_REDIRECT_HTTP deny ip host 192.168.X.10 any permit tcp 192.168.X.0 0.0.0.255 any eq www route-map RM_REDIRECT_HTTP permit 10 match ip address ACL_REDIRECT_HTTP set ip next-hop 192.168.X.10 interface FastEthernet1/0 ip policy route-map RM_REDIRECT_HTTP
FastEthernet1/0 - интерфейс подключенный к LAN