Cisco Support Community
ovt (Bronze)

"nat (inside) 0 access-list ..." lacks em_limit

Hi!

Why is it not possible to specify em_limit in the "nat (inside) 0 access-list ..." command? Is it correct that this variation of "nat 0" was designed to be used for traffic between trusted subnets only? Is it possible to protect against SYN flood attacks if this variation of the command needs to be used?

Oleg Tipisov,

REDCENTER,

Moscow

1 REPLY
Cisco Employee

Re: "nat (inside) 0 access-list ..." lacks em_limit

"nat 0 access-list" was specifically designed for use with VPN tunnels, although I guess it can be used for just normal outbound NAT. If you do use this variation for normal NAT then you are going to be more susceptible to SYN floods.

I guess the developers figured you wouldn't want to limit the connections going over a VPN.
