Firewall Wizards mailing list archives
Re: NAT order help
From: sivakumar <siva_itech () yahoo com>
Date: Wed, 14 Nov 2007 05:36:08 -0800 (PST)
Hi,

Thanks for your reply. Is my rule for Static PAT right, or do I need to specify TCP/UDP ports to do a PAT? Is it possible to translate multiple IPs from inside to a single IP outside using static? Please let me know, since I couldn't find anything in the Cisco docs describing a Static PAT like that; rather, they perform redirection on ports.

kevin horvath wrote:
> To clarify: traffic initiated from the inside (10 net) will map to itself (identity NAT), unless it is TCP traffic destined for 1.1.1.1; then it will map to 1.1.1.2. Traffic initiated from the outside to the inside will not matter, since this is where there is no overlapping as in the above scenario. Here traffic destined for 10.x will be translated to itself. The policy NAT in this scenario does not allow traffic initiated from a lower security interface to a higher security interface, as that can only be done via NAT exemption, identity NAT, or static NAT/PAT. I think this is where the confusion was. Only local traffic can be translated with Policy NAT (thanks for catching my typo above), not global. Hope this clarifies things.
>
> Kevin
>
> On 11/6/07, sivakumar <siva_itech () yahoo com> wrote:
> > Hi,
> >
> >     access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
> >     static (inside,outside) 1.1.1.2 access-list rule1 0 0
> >     static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
> >
> > Please tell me which statement will take precedence - policy NAT or Static NAT..
> >
> > --
> > View this message in context: http://www.nabble.com/NAT-order-help-tf4737610.html#a13548213
> > Sent from the Firewall Wizards mailing list archive at Nabble.com.
--
View this message in context: http://www.nabble.com/NAT-order-help-tf4737610.html#a13746694
Sent from the Firewall Wizards mailing list archive at Nabble.com.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
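An added example, not part of the original message and not PIX/ASA code: a small Python model of the two static rules quoted above, useful for checking which rule a flow hits and whether rule order leaves one rule unreachable. It assumes rules are tried in listed order with the first match winning, which reproduces the outcome kevin horvath describes; the rule names, helper functions and sample flows are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")
# Rules transcribed from the thread; None means "any" (proto/dst) or "itself" (mapped).
POLICY = {"name": "policy-static", "src": INSIDE, "proto": "tcp",
          "dst": ip_network("1.1.1.1/32"), "mapped": "1.1.1.2"}
IDENTITY = {"name": "identity-static", "src": INSIDE, "proto": None,
            "dst": None, "mapped": None}

def matches(rule, src, dst, proto):
    """True when the flow falls inside the rule's source, protocol and destination."""
    return (ip_address(src) in rule["src"]
            and rule["proto"] in (None, proto)
            and (rule["dst"] is None or ip_address(dst) in rule["dst"]))

def translate(rules, src, dst, proto):
    """Return (rule name, translated source address).
    ASSUMPTION: rules are evaluated in listed order, first match wins."""
    for rule in rules:
        if matches(rule, src, dst, proto):
            return rule["name"], rule["mapped"] or src
    return None, src  # no static rule applies to this flow

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            dst_covered = earlier["dst"] is None or (
                later["dst"] is not None and later["dst"].subnet_of(earlier["dst"]))
            if (later["src"].subnet_of(earlier["src"])
                    and earlier["proto"] in (None, later["proto"])
                    and dst_covered):
                hidden.append(later["name"])
                break
    return hidden

if __name__ == "__main__":
    # Constructed sample flows: (inside source, destination, protocol).
    flows = [("10.1.2.3", "1.1.1.1", "tcp"),
             ("10.1.2.3", "1.1.1.1", "udp"),
             ("10.1.2.3", "192.0.2.10", "tcp")]
    for order in ([POLICY, IDENTITY], [IDENTITY, POLICY]):
        print([r["name"] for r in order], "shadowed:", shadowed(order))
        for flow in flows:
            print("  ", flow, "->", translate(order, *flow))
```

With the policy static listed first, only TCP to 1.1.1.1 is rewritten to 1.1.1.2; with the identity static listed first, the model reports the policy rule as shadowed.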
Current thread:
- NAT order help sivakumar (Nov 08)
- Re: NAT order help kevin horvath (Nov 09)
- Re: NAT order help Avishai Wool (Nov 09)
- Re: NAT order help kevin horvath (Nov 09)
- Re: NAT order help Avishai Wool (Nov 12)
- Re: NAT order help kevin horvath (Nov 13)
- Re: NAT order help sivakumar (Nov 14)
- Re: NAT order help kevin horvath (Nov 14)
- Re: NAT order help kevin horvath (Nov 09)