Cisco Support Community

SDM NAT config with 1 web server

I was playing around with SDM's NAT creator using dynamic NAT with one web server on the LAN.  It made this config:

ip nat inside source route-map SDM_RMAP_1 interface Serial0 overload
ip nat inside source static tcp 192.168.1.213 80 xxx.xxx.xxx.xxx 80 extendable

access-list 100 remark SDM_ACL Category=2
access-list 100 deny   tcp host 192.168.1.213 eq www any
access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 1
match ip address 100

I understand everything but the first deny in the ACL.  It's saying "don't NAT anything from the web server going to port 80."  Why?
