There are a variety of reasons we use ACLs. The primary reason is to provide a basic level of security for the network. ACLs are also used to restrict updates for routing from network peers and can be instrumental in defining flow control for network traffic.

An Access Control List is a router configuration script that controls whether packets are allowed or dropped based on the information in the packet header. An ACL can be associated to each RCP100 interface for each of the three types of traffic: input – packets consumed by the system.

An access control list (ACL) consists of one or more access control entries (ACEs) that collectively define the network traffic profile. This profile can then be referenced by Cisco IOS XR Software software features such as traffic filtering, priority or custom queueing, and dynamic access control.

Access Control List (ACL) refers to a specific set of rules used for filtering network traffic, especially in computer security settings. ACLs also allow specific system objects such as directories or file access to authorized users and denies access to unauthorized users.

Configuring Access Control Lists

1. Create a MAC ACL by specifying a name.
2. Create an IP ACL by specifying a number.
3. Add new rules to the ACL.
4. Configure the match criteria for the rules.
5. Apply the ACL to one or more interfaces.

What Is NAT? NAT stands for network address translation. It’s a way to map multiple local private addresses to a public one before transferring the information. Organizations that want multiple devices to employ a single IP address use NAT, as do most home routers.

Translates the source IP address of packets that travel from inside to outside. Translates the destination IP address of packets that travel from outside to inside.

Network Address Translation (NAT) is the ability of a router to translate a public IP address to a private IP address and vice versa. It adds security to the network by keeping the private IP addresses hidden from the outside world. Once the ports are successfully opened, the NAT Type will change to Open or Moderate.

If you could provide the config snapshot( excluding the sensitive informations, public ip..) it would helpful to assist you in the right direction. Depending on your need you can either use a standard or extended ACL in this scenario. If you just want to allow the inside users to get NAT’ed. then you can use the standard acl as follows.

For example: access-list 10 permit 192.168.20.0 0.0.0.255 access-list 10 permit 192.168.10.0 0.0.0.255 Here the network 192.168.20.0/24 and 192.168.10.0/24 are the inside networks. Ex:Create a dynamic nat in the global config ip nat inside source list 10 interface overload In this example, an ACL 10 is created to allow the inside subnets.

Benefits of Configuring NAT for IP Address Conservation NAT allows organizations to resolve the problem of IP address depletion when they have existing networks and must access the Internet. Sites that do not yet possess Network Information Center (NIC)-registered IP addresses must acquire them.

NAT can share the physical interface address (not any other IP address) of a device only by using the NAT interface overload configuration. A device uses the ports of its physical interface and NAT must receive communication about the ports that it can safely use for translation.