Access-list with Nat

Situation:
I want to block certain internal IP addresses from on my internal network from reaching the external network.
The router is using network adress translation from the internal network to the external network.

Initial Solution:
I set up an outgoing access list on external interface to block the IP addresses.

Problem:
The addresses are apparently translated before they reach the interface. My logs only show the external address going through. The access-list isn't touching anything going through it.

Question:
How do I apply an outgoing access list to the interface while NAT is running?

Pain is the realization of your own weakness.
4 answers Last reply
More about access list
  1. just put an access list on the internal interface. i dont see your problem.

    wpdclan.com cs game server - 69.12.5.119:27015
  2. Already tried that, it didn't quite work the way I expected.
    There are a lot of details that I'd rather not waste my time typing.
    Let's just say that's not a option.

    Pain is the realization of your own weakness.
  3. can you do it with the mac address on the switches?

    wpdclan.com cs game server - 69.12.5.119:27015
  4. Don't have access to the switches.

    I got it figured out though.
    I can permit outgoing requests on the router by MAC address.

    Thanks for the help jihiggs.

    Pain is the realization of your own weakness.
Ask a new question

Read More

Routers IP Networking