×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

NAT Curiosity

Answered Question
Jul 28th, 2003
User Badges:

I'm new to setting up NAT and I am curious as to why you need to put an ACL in to get it to work. Is it in the programming of NAT to deny as default? I've looked around and the pages seem to say, "just do it like this and it will work". So I did, and it does, but why?


Sorry if this is too basic...

Correct Answer by thisisshanky about 14 years 3 weeks ago

Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
thisisshanky Mon, 07/28/2003 - 23:00
User Badges:
  • Purple, 4500 points or more

Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.





jolmo Mon, 07/28/2003 - 23:06
User Badges:
  • Silver, 250 points or more

I'm not sure what you mean but I'll try to give an answer.

If you're going to set up static NAT, you don't need any ACL. Obviously, you'll only get NAT translations for each static NAT statement you configure.

ACL are useful when configuring dynamic NAT. With the ACLs you say to the router the IP adresses you want to be dynamically translated and the ones you don't. Basically, this is the purpose of using ACL with NAT


HTH

Actions

This Discussion