Hello all,
I would like to set up a one-to-one static NAT, but I want to secure or only permit some traffic inbound and allow all out on my selected hosts.
My config looks like this:
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static 10.1.20.39 x.x.x.57
access-list 100 remark NATinsideOut
access-list 100 permit ip 10.0.0.0 0.31.255.255 any
access-list 103 remark Inbound NAT Traffic
access-list 103 permit ip any host x.x.x.227 log
access-list 103 remark Postini to Escort
access-list 103 permit tcp any host x.x.x.57 eq 443 log
access-list 103 remark Postini to Escort
access-list 103 permit udp any host x.x.x.57 eq 443 log
access-list 103 deny ip any any log
With rule 103 in place I lose all outbound traffic, but the external service is able to connect on port 443 as I wanted.
When the rule is removed, all traffic is allowed out and in.
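
Added example (not part of the original post): a small Python model of first-match evaluation for ACL 103 as posted, assuming it is applied inbound on the outside interface, which the post does not show. 203.0.113.57 and 203.0.113.227 are constructed stand-ins for the masked addresses, and the `established` variant is an assumption added for comparison.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str         # "tcp" or "udp"
    dst: str           # destination as seen before NAT translates it back
    dport: int
    ack: bool = False  # TCP ACK or RST set, i.e. part of an existing flow

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp" or "udp"
    dst: str = "any"
    dport: Optional[int] = None  # None means no "eq" port test
    established: bool = False

    def matches(self, p: Packet) -> bool:
        # Source is "any" in every posted entry, so it is not modelled.
        return (self.proto in ("ip", p.proto)
                and self.dst in ("any", p.dst)
                and self.dport in (None, p.dport)
                and (not self.established or (p.proto == "tcp" and p.ack)))

def evaluate(acl, p):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"

HOST57, HOST227 = "203.0.113.57", "203.0.113.227"  # constructed addresses

ACL_103 = [
    Ace("permit", "ip", HOST227),
    Ace("permit", "tcp", HOST57, 443),
    Ace("permit", "udp", HOST57, 443),
    Ace("deny", "ip"),
]
# Variant (assumption): a TCP "established" entry ahead of the final deny.
ACL_103_EST = ACL_103[:-1] + [Ace("permit", "tcp", HOST57, established=True),
                              ACL_103[-1]]

# Constructed packets arriving on the outside interface.
inbound_443 = Packet("tcp", HOST57, 443)            # new session to the service
web_reply = Packet("tcp", HOST57, 51514, ack=True)  # reply to the host's outbound HTTPS
dns_reply = Packet("udp", HOST57, 53001)            # reply to the host's outbound DNS

if __name__ == "__main__":
    for name, pkt in [("inbound 443", inbound_443), ("web reply", web_reply), ("dns reply", dns_reply)]:
        print(name, evaluate(ACL_103, pkt), evaluate(ACL_103_EST, pkt))
```

The stateless list only sees a reply as a packet to an unlisted high port, so it reaches the final deny; the `established` entry lets TCP replies through but does nothing for UDP replies.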