×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PAT question

Unanswered Question
Jan 18th, 2004
User Badges:

If I have the following configuration below which port translate 10.10.10.1 to 172.16.131.154 on port 25.


************

ip nat inside source list 7 interface serial 0 overload


ip nat inside source static tcp 10.10.10.1 25 172.16.131.254 25


interface e 0

ip address 10.10.10.254 255.255.255.0

ip nat inside


interface s 0

ip address 172.16.131.254 255.255.255.0

ip nat outside


access-list 7 deny host 10.10.10.1

access-list 7 permit 10.10.10.0 0.0.0.255

**************


Question:

- is the ACL 7 denying the 10.10.10.1 is still require?

- if you have it, is that mean that the server is allowed to go out on port 25 only and will that be allowed to use the S0 IP address?

- if i remove the ACL 7, is the server will use the S0 ip address when accessing outside using ports aside port 25?


Thanks in advnace

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fmachoka Mon, 01/19/2004 - 15:28
User Badges:

Access list 7 prevents host 10.10.10.1 from being dynamically NATed. Denying host 10.10.10.1 is not required when doing static NAT. The IOS already has the host statically mapped.


With the current configuration, host 10.10.10.1 can only be NATED through port 25. All other ports will not be be NATed.


If you removed the access list 7, only the statically NATed host 10.10.10.1 will be able to route to the outside throught interface S0. Dynamic NATing of other hosts permitted by the access list will fail.


The access list is 7 needed for Dynamic NAT (or PAT), but not needed for static NAT.


The following links will be useful in understanding NAT:



http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094422.shtml



Actions

This Discussion