Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PAT question

If I have the following configuration below which port translate to on port 25.


ip nat inside source list 7 interface serial 0 overload

ip nat inside source static tcp 25 25

interface e 0

ip address

ip nat inside

interface s 0

ip address

ip nat outside

access-list 7 deny host

access-list 7 permit



- is the ACL 7 denying the is still require?

- if you have it, is that mean that the server is allowed to go out on port 25 only and will that be allowed to use the S0 IP address?

- if i remove the ACL 7, is the server will use the S0 ip address when accessing outside using ports aside port 25?

Thanks in advnace

Community Member

Re: PAT question

Access list 7 prevents host from being dynamically NATed. Denying host is not required when doing static NAT. The IOS already has the host statically mapped.

With the current configuration, host can only be NATED through port 25. All other ports will not be be NATed.

If you removed the access list 7, only the statically NATed host will be able to route to the outside throught interface S0. Dynamic NATing of other hosts permitted by the access list will fail.

The access list is 7 needed for Dynamic NAT (or PAT), but not needed for static NAT.

The following links will be useful in understanding NAT:

CreatePlease to create content