From: Leo Leung (leoleung_yh@yahoo.com)
Date: Fri Jun 23 2006 - 03:44:59 ART
Hi Group,
Just for some clarification for question 11.1 we need
a dynamic NAT and for 11.2 we need a static NAT;
However the web/email server IP 173.1.5.100 is
translated in both dynamic and static NAT
simultaneously,
ip nat inside source list 7 interface Ethernet0/0
overload
ip nat inside source static tcp 173.1.5.100 80
192.10.1.5 80 extendable
ip nat inside source static tcp 173.1.5.100 25
192.10.1.5 25 extendable
ip nat inside source static tcp 173.1.5.100 110
192.10.1.5 110 extendable
ip nat inside source static tcp 173.1.5.100 443
192.10.1.5 443 extendable
does it need to deny host IP 173.1.5.100 in the
access-list like
access-list 7 deny 173.1.5.100
access-list 7 permit 173.1.0.0 0.0.255.255
access-list 7 permit 150.1.0.0 0.0.15.255
This would prevent packets sourced from inside local
address 173.1.5.100 being able to generate NAT
dynamically. Is it necessary or just as the answer
goes without denying it?
Regards,
Leo
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART