This is an old revision of the document!
no access-list 1 ! access-list 1 permit host 192.168.X.101 access-list 1 permit host 192.168.X.10 access-list 1 deny any line vty 0 15 ! no login ! for no password access access-class 1 in end
no ip access-list extended ACL_FIREWALL ip access-list extended ACL_FIREWALL permit tcp any host 192.168.X.10 eq 80 permit tcp any host 192.168.X.10 eq 22 permit icmp any 192.168.X.0 0.0.0.255 ! permit tcp any host 172.16.1.X eq 80 ! permit tcp any host 172.16.1.X eq 22 permit icmp any host 172.16.1.X permit udp any any permit tcp any any established deny ip any any log interface FastEthernet1/1 ip access-group ACL_FIREWALL in end
ip access-list standard ACL_NAT permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 deny any ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source static udp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable interface FastEthernet1/0 ip nat inside interface FastEthernet1/1 ip nat outside
router# show ip nat tr router# clear ip nat tr *
ip access-list extended ACL_REDIRECT_HTTP deny ip host 192.168.X.10 any permit tcp 192.168.X.0 0.0.0.255 any eq www route-map RM_REDIRECT_HTTP permit 10 match ip address ACL_REDIRECT_HTTP set ip next-hop 192.168.X.10 interface FastEthernet1/0 ip policy route-map RM_REDIRECT_HTTP
FastEthernet1/0 - интерфейс подключенный к LAN