07-28-2003 10:43 PM - edited 03-02-2019 09:11 AM
I'm new to setting up NAT and I am curious as to why you need to put an ACL in to get it to work. Is it in the programming of NAT to deny as default? I've looked around and the pages seem to say, "just do it like this and it will work". So I did, and it does, but why?
Sorry if this is too basic...
Solved! Go to Solution.
07-28-2003 11:00 PM
Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.
07-28-2003 11:00 PM
Nat has two types of translations, dynamic and static. static is more like an one to one mapping. While in case of dynamic NAT, there needs to be some way to define which traffic needs to be nated, and which is not. The way Cisco has designed, NAT to select a particular traffic to be NATed, is to match the traffic using an access-list.
07-28-2003 11:05 PM
That's what I needed. Thanks!
07-28-2003 11:06 PM
I'm not sure what you mean but I'll try to give an answer.
If you're going to set up static NAT, you don't need any ACL. Obviously, you'll only get NAT translations for each static NAT statement you configure.
ACL are useful when configuring dynamic NAT. With the ACLs you say to the router the IP adresses you want to be dynamically translated and the ones you don't. Basically, this is the purpose of using ACL with NAT
HTH
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: