Re: NAT Exemption

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sat Dec 16 2006 - 15:56:15 ART

• Next message: Mike O: "Help with IGP on IEWB Lab3 v1 question 4.9"
• Previous message: Mark Snow: "RE: ALIAS..."
• Maybe in reply to: V Shekhar: "NAT Exemption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Please pay attention to this:

<DocCD>
It is important to understand the difference between identity NAT and NAT
exemption. With identity NAT, you can accept the inbound traffic only when
the traffic is initiated from the inside and after the xlate is created. NAT
exemption allows traffic whenever it matches the referenced ACL, regardless
of whether or not there is already an xlate. Identity NAT allows you to set
additional NAT parameters, such as *norandomseq*. NAT exemption allows only
the *outside* option.
</DocCD>

So with NAT Exemption NO xlates are created...

2006/12/15, Kal Han <calikali2006@gmail.com>:
>
> with
> nat (inside) 0 <IP> <mask>
> only outbound traffic will create an xlate..
>
> with
> nat(inside) 0 access-list acl
> xlates are created by traffic from any direction.
>
> Kal
>

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com

• Next message: Mike O: "Help with IGP on IEWB Lab3 v1 question 4.9"
• Previous message: Mark Snow: "RE: ALIAS..."
• Maybe in reply to: V Shekhar: "NAT Exemption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:38 ART