ip nat pool IP-BLOCK 206.53.50.225 206.53.50.226 netmask 255.255.255.248
ip nat inside source list NAT pool IP-BLOCK overload
ip nat inside source static tcp 192.168.200.2 22 206.53.50.230 22 extendable
!
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.4.0 0.0.0.255
permit 192.168.5.0 0.0.0.255
!
ip access-list extended LAN
deny ip host 255.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
permit ip any any
ip access-list extended WAN
deny ip any 10.0.0.0 0.255.255.255 log-input
deny ip any 127.0.0.0 0.255.255.255 log-input
deny ip any 169.254.0.0 0.0.255.255 log-input
deny ip any 192.168.0.0 0.0.255.255 log-input
deny ip any 172.16.0.0 0.15.255.255 log-input
deny ip any 224.0.0.0 15.255.255.255 log-input
deny ip host 255.255.255.255 any log-input
deny ip host 0.0.0.0 any log-input
deny ip 192.168.1.0 0.0.0.255 any log-input
permit udp any eq bootps any eq bootpc
permit icmp any any net-unreachable
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any parameter-problem
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any traceroute
deny icmp any any log-input
permit tcp any any eq 1723 log-input
permit tcp any any eq 4577
permit udp any any eq 42337
permit gre any any
deny ip any any log-input
!