Re: ip nat reversible

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Sat Jan 05 2008 - 13:45:08 ARST


I agree that the explanation is poor. It looks like a two way NAT solution
to me, allowing outbound and inbound NATting by adding an entry to the NAT
pool when an inbound flow is detected. It's not something I have used...yet.
Perhaps some of the others can shed more light?

----- Original Message -----
From: "Joseph Saad" <joseph.samir.saad@gmail.com>
To: "Cisco certification" <ccielab@groupstudy.com>
Sent: Saturday, January 05, 2008 12:19 PM
Subject: Re: ip nat reversible

> Actually read that before I post the question. The problem is in
> http://www.groupstudy.com/archives/ccielab/200610/msg00401.html
>
> I also feel it is wrong, as it would be a major security issue if the
> outside-to-inside can be established without inside-to-outside entries
> being created.
>
> I feel it does extra validation only because in the documentation, at
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t
> /123t_14/gtnato2n.htm
>
> it mentions:
>
> Restrictions for NAT Routemaps Outside-to-Inside Support
>
> Only IP hosts that are part of the routemap configuration will allow
> outside sessions.
>
> Outside sessions must use an access list.
>
> Joseph.
>
> On Jan 5, 2008 3:48 PM, Gary Duncanson <gary.duncanson@googlemail.com>
> wrote:
>
>> Joseph
>>
>> I found this in the archives. Does it help some?
>>
>> Gary
>>
>> http://www.groupstudy.com/archives/ccielab/200610/msg00361.html
>> ----- Original Message -----
>> From: "Joseph Saad" <joseph.samir.saad@gmail.com>
>> To: "Cisco certification" <ccielab@groupstudy.com>
>> Sent: Saturday, January 05, 2008 10:59 AM
>> Subject: ip nat reversible
>>
>>
>> > I have been banging my head against the config guide for "ip nat
>> > route-map reversible" for over 2 hours now.
>> >
>> > The example is not helping at all, but what I understood (along with
>> > all the previous GS posts) is that it provides extra security by
>> > validating the outside IP address against an ACL in the route-map
>> > rather than simply allowing access to the "Cached Translated entry".
>> >
>> > Anyone have a more solid idea on how to test this feature or what it
>> > really achieves?
>> >
>> > Joseph.
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>
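As an added illustration of the configuration the thread is arguing about (this is not from any of the list posts or from Cisco's documentation; all addresses, interface names, pool and route-map names are constructed), here is the shape of a route-map NAT statement with the `reversible` keyword in Cisco IOS syntax. The access list is the part that matters for the security question raised above: the documentation excerpt Joseph quotes says that only hosts covered by the route-map's access list are allowed to open outside-to-inside sessions, so the ACL should be as narrow as the requirement permits.

```cisco
! Added example, not from the thread. Addresses, names and interfaces are constructed.
! Inside subnet 192.168.10.0/24 is translated to addresses from POOL-A.
interface FastEthernet0/0
 description inside
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description outside
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
ip nat pool POOL-A 203.0.113.10 203.0.113.20 netmask 255.255.255.0
!
! Without "reversible", only inside-initiated flows create translation entries.
! With it, the router may also build an entry for a session initiated from the
! outside, but only for traffic that the route-map's access list permits.
ip nat inside source route-map MAP-A pool POOL-A reversible
!
! Keep this list tight: it is the check that decides which outside host (here a
! single constructed address, 198.51.100.5) is allowed to initiate inbound.
ip access-list extended NAT-A
 permit ip 192.168.10.0 0.0.0.255 host 198.51.100.5
!
! The route-map must match on an access list for the outside-to-inside case
! (the documentation restriction quoted in the thread).
route-map MAP-A permit 10
 match ip address NAT-A
```

To check the behaviour rather than guess at it, open a session from the permitted outside host and from one that is not in the access list, then compare `show ip nat translations` (and `debug ip nat` on a lab router) after each attempt: only the permitted host should produce a translation entry, and a hit from a host outside the ACL with no corresponding entry is the expected, safe result.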



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST