Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT Curiosity

I'm new to setting up NAT and I am curious as to why you need to put an ACL in to get it to work. Is it in the programming of NAT to deny as default? I've looked around and the pages seem to say, "just do it like this and it will work". So I did, and it does, but why?

Sorry if this is too basic...

1 ACCEPTED SOLUTION

Accepted Solutions

Re: NAT Curiosity

Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.

3 REPLIES

Re: NAT Curiosity

Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.

Community Member

Re: NAT Curiosity

That's what I needed. Thanks!

Silver

Re: NAT Curiosity

I'm not sure what you mean but I'll try to give an answer.

If you're going to set up static NAT, you don't need any ACL. Obviously, you'll only get NAT translations for each static NAT statement you configure.

ACL are useful when configuring dynamic NAT. With the ACLs you say to the router the IP adresses you want to be dynamically translated and the ones you don't. Basically, this is the purpose of using ACL with NAT

HTH

87
Views
0
Helpful
3
Replies
CreatePlease to create content