As shown in Figure 1-1, the router functions as the enterprise egress. The firewall function is configured on the router to control host access from the Internet to the internal server of the enterprise. The NAT function is configured on the router to translate the IP address of the internal server to the public address 126.96.36.199.
Figure 1-1 ACL-based access control
The related configuration file is as follows:
nat static protocol tcp global ip 188.8.131.52 inside ip 10.26.103.70 //Configure the one-to-one mapping from the private address 10.26.103.70 to public address 184.108.40.206
acl number 3000 //Configure a rule to forbid the PC using the address 220.127.116.11 to send IP packets to 18.104.22.168.
ip address 22.214.171.124 255.255.255.224
packet-filter 3000 inbound //Perform packet filtering in the inbound direction.
However, the ACL rule does not take effect, and the PC can still access the internal server.