From: Matt Bentley (mattdbentley@gmail.com)
Date: Sat Mar 22 2008 - 14:48:59 ART
Hi GS:
Two quick questions for you all.
Having trouble with determining which "side" of an ACL you match ports on.
For example:
-We are told to match FTP traffic going from X to Y. Is the ACL like option
(1) or (2)?
(1) access-list 101 permit tcp host [x] eq ftp host [y]
(2) access-list 101 permit tcp host [x] host [y] eq ftp
What is a good way to determine this?
Also, with NAT, I have a question. I set up a translation as below:
R1--->R2--->R3
R2:
int fa0/1 (to R1)
ip nat inside
ip add 1.1.1.2
int fa0/2 (to R2)
ip nat outside
ip add 2.2.2.1
ip nat inside source list 101 interface fa0/2 overload
access-list 101 permit icmp any any
Wouldn't this cause any ICMP traffic (i.e. ping) that R1 sends to R3 to have
its source address translated from 1.1.1.1 to 2.2.2.1?
I set this up and the output from "debug ip icmp" showed the ICMP packets
still coming from source of 1.1.1.1 - not 2.2.2.1 - what am I doing wrong?
Thanks in advance.
Matt Bentley
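
The following is an added example, not part of the original post: a small Python model of how an extended ACL entry reads a port operator, applied to options (1) and (2) from the question. The host names "x" and "y", the ephemeral port 49152 and the sample packets are constructed for illustration; only the FTP control port (TCP 21, the IOS keyword "ftp") is modelled.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FTP = 21  # IOS keyword "ftp" is TCP port 21 (FTP control channel only)

Packet = Tuple[str, int, str, int]  # (src host, src port, dst host, dst port)


@dataclass(frozen=True)
class Ace:
    """Model of: permit tcp host SRC [eq PORT] host DST [eq PORT]."""
    src: str
    dst: str
    src_port: Optional[int] = None  # None: no port operator, any port matches
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        src, sport, dst, dport = pkt
        return (src == self.src and dst == self.dst
                and self.src_port in (None, sport)
                and self.dst_port in (None, dport))


# Option (1): "eq ftp" follows the source address, so it tests the SOURCE port.
OPTION_1 = Ace("x", "y", src_port=FTP)
# Option (2): "eq ftp" follows the destination address, so it tests the DESTINATION port.
OPTION_2 = Ace("x", "y", dst_port=FTP)

# Constructed sample packets.
PACKETS = {
    "x client -> y server": ("x", 49152, "y", FTP),  # X opens FTP control to Y
    "y server -> x client": ("y", FTP, "x", 49152),  # Y's reply to that session
    "x server -> y client": ("x", FTP, "y", 49152),  # X is the server, replying to Y
}


def evaluate() -> dict:
    """Return {packet name: (option 1 matches, option 2 matches)}."""
    return {name: (OPTION_1.matches(p), OPTION_2.matches(p))
            for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, (m1, m2) in evaluate().items():
        print(f"{name:22s} option1={m1!s:5s} option2={m2}")
```
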