
PAT question

Unanswered Question
Jan 18th, 2004

If I have the following configuration below which port translate to on port 25.


ip nat inside source list 7 interface serial 0 overload

ip nat inside source static tcp 25 25

interface e 0

ip address

ip nat inside

interface s 0

ip address

ip nat outside

access-list 7 deny host

access-list 7 permit



- Is the ACL 7 denying the is still required?

- If you have it, does that mean that the server is allowed to go out on port 25 only, and will that be allowed to use the S0 IP address?

- If I remove the ACL 7, will the server use the S0 IP address when accessing outside using ports aside from port 25?

Thanks in advance

fmachoka Mon, 01/19/2004 - 15:28

Access list 7 prevents host from being dynamically NATed. Denying host is not required when doing static NAT. The IOS already has the host statically mapped.

With the current configuration, host can only be NATed through port 25. All other ports will not be NATed.

If you removed the access list 7, only the statically NATed host will be able to route to the outside through interface S0. Dynamic NATing of other hosts permitted by the access list will fail.

Access list 7 is needed for Dynamic NAT (or PAT), but not needed for static NAT.

The following links will be useful in understanding NAT:



