access-list 101 permit ip 192.168.1.0 0.0.0.255 any
then a connection cannot be initiated from the outside UNLESS there is already a translation for that address in the NAT translation table, i.e.
192.168.1.20 is an inside address. If 192.168.1.20 hasn't connected out through the router then you can't connect to it by using one of the pool addresses. But obviously if it has connected out there will be a NAT translation and therefore the NAT will work coming back as well.
1) Assuming no firewalling capabilities on the router you could use the "established" keyword for TCP connections in an ACL applied to the outside interface in an inbound direction.
2) Reflexive ACLs - an improvement on 1)
3) Alternatively you could simply overload on the port numbers, i.e. instead of mapping one-to-one you map all your inside addresses to one single outside address. This would still allow connections to be initiated from outside, but now you have to get the port details as well, which is a lot less likely.
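Added example (not part of the original post): an IOS configuration that puts the three options above side by side, assuming interface names, the 203.0.113.0/24 outside range and the ACL numbers are placeholders chosen for illustration.

```cisco
! --- Inside / outside interfaces (names and addresses are assumed) ---
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group 110 in          ! option 1 below
 ip access-group OUTBOUND out    ! option 2 below (remove 110 if using this)
 ip access-group INBOUND in      ! option 2 below (remove 110 if using this)
!
! --- Weak: one-to-one dynamic pool, as discussed in the post ---
! While a translation for 192.168.1.20 is in the table, anything on the
! outside can reach the pool address it was mapped to; the entry stays
! until it times out, so the window is the translation lifetime.
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat pool OUTSIDE-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 101 pool OUTSIDE-POOL
!
! --- Option 1: "established" keyword on the outside interface, inbound ---
! Only TCP segments with ACK or RST set pass, so a fresh SYN from outside is
! dropped even if a translation exists. Stateless: it checks flags, not a
! session table, and does nothing for UDP or ICMP.
access-list 110 permit tcp any any established
access-list 110 deny   ip any any log
!
! --- Option 2: reflexive ACL, an improvement on option 1 ---
! Outbound traffic creates temporary entries mirroring each session; the
! inbound ACL admits only return traffic that matches one of them.
ip access-list extended OUTBOUND
 permit tcp any any reflect TCP-REFLECT timeout 300
 permit udp any any reflect UDP-REFLECT timeout 60
 permit ip any any
ip access-list extended INBOUND
 evaluate TCP-REFLECT
 evaluate UDP-REFLECT
 deny ip any any log
!
! --- Option 3: PAT overload instead of the one-to-one pool ---
! Replaces the pool statement above. An outside host now needs the exact
! translated port as well as the address to hit a specific inside host.
no ip nat inside source list 101 pool OUTSIDE-POOL
ip nat inside source list 101 interface GigabitEthernet0/0 overload
```

Use `show ip nat translations` to see which inside hosts are currently exposed through the pool, and `clear ip nat translation *` to drop the entries if a window needs to be closed immediately.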