Re: ip nat reversible

From: Joseph Saad (joseph.samir.saad@gmail.com)
Date: Sat Jan 05 2008 - 10:19:42 ARST


Actually, I read that before I posted the question. The problem is in
http://www.groupstudy.com/archives/ccielab/200610/msg00401.html

I also feel it is wrong, as it would be a major security issue if
outside-to-inside could be established without inside-to-outside entries
being created.

I feel it does extra validation only because the documentation, at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_14/gtnato2n.htm

mentions:

Restrictions for NAT Routemaps Outside-to-Inside Support

Only IP hosts that are part of the routemap configuration will allow
outside sessions.

Outside sessions must use an access list.

Joseph.

On Jan 5, 2008 3:48 PM, Gary Duncanson <gary.duncanson@googlemail.com>
wrote:

> Joseph
>
> I found this in the archives. does it help some?
>
> Gary
>
> http://www.groupstudy.com/archives/ccielab/200610/msg00361.html
> ----- Original Message -----
> From: "Joseph Saad" <joseph.samir.saad@gmail.com>
> To: "Cisco certification" <ccielab@groupstudy.com>
> Sent: Saturday, January 05, 2008 10:59 AM
> Subject: ip nat reversible
>
>
> > I have been banging my head against the config guide for "ip nat
> > route-map reversible" for over 2 hours now.
> >
> > The example is not helping at all, but what I understood (along with all
> > the previous GS posts) is that it provides extra security by validating the
> > outside IP address against an ACL in the route-map rather than simply
> > allowing access to the "Cached Translated entry".
> >
> > Anyone have a more solid idea on how to test this feature or what it
> > really achieves?
> >
> > Joseph.
> >
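The configuration shape that the quoted documentation restrictions describe (route-map NAT with the reversible keyword, route-map matching an access list), as an added example that is not from the thread or from Cisco's own documentation; the names NAT-RM, NAT-POOL, access list 101, addresses and interface names are assumptions:

```cisco
! Added example (not from the thread). Names, addresses and interfaces are assumed.
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
!
! Per the cited restrictions, outside sessions must use an access list and only
! hosts covered by the route-map configuration will accept outside sessions,
! so the inside hosts that may receive outside-initiated traffic are listed here.
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
route-map NAT-RM permit 10
 match ip address 101
!
ip nat pool NAT-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
!
! The reversible keyword enables the outside-to-inside support for this
! route-map; translations are only built for hosts that the route-map's ACL
! matches. Tighten access-list 101 to the hosts that genuinely need it.
ip nat inside source route-map NAT-RM pool NAT-POOL reversible
!
! To check which translations exist at any moment:
! show ip nat translations
```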



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST