From: Timothy Chin (Tim@1c-solutions.com)
Date: Sat Mar 22 2008 - 15:57:06 ART
For your first question, do you mean traffic destined for Y and sourcing
from X, or vice versa? As for the second question, your source list should
be a list of IP addresses permitted for translation, using a standard
access list:
Access-list 1 permit x.x.x.x
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Matt Bentley
Sent: Saturday, March 22, 2008 1:49 PM
To: Cisco certification
Subject: NAT and ACL question
Hi GS:
Two quick questions for you all.
Having trouble with determining which "side" of an ACL you match ports on.
For example:
- We are told to match FTP traffic going from X to Y. Is the ACL like option (1) or (2)?
(1) access-list 101 permit tcp host [x] eq ftp host [y]
(2) access-list 101 permit tcp host [x] host [y] eq ftp
What is a good way to determine this?
Also, with NAT, I have a question. I set up a translation as below:
R1--->R2--->R3
R2:
int fa0/1 (to R1)
ip nat inside
ip add 1.1.1.2
int fa0/2 (to R2)
ip nat outside
ip add 2.2.2.1
ip nat inside source list 101 interface fa0/2 overload
access-list 101 permit icmp any any
Wouldn't this cause any ICMP traffic (i.e. ping) that R1 sends to R3 to have
its source address translated from 1.1.1.1 to 2.2.2.1?
I set this up and the output from "debug ip icmp" showed the ICMP packets
still coming from source of 1.1.1.1 - not 2.2.2.1 - what am I doing wrong?
Thanks in advance.
Matt Bentley
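
Added example, not part of the original thread: a small Python model of how the two ACL lines from the question are read, using the Cisco extended ACL field order (source, optional source port, destination, optional destination port). The addresses, port numbers and function names are constructed for illustration, and only the FTP control connection (port 21) is modeled.

```python
import re

# Cisco extended ACL field order: protocol, source [port], destination [port].
ACE_RE = re.compile(
    r"access-list\s+\d+\s+(?P<action>permit|deny)\s+tcp\s+"
    r"host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\S+))?\s+"
    r"host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\S+))?\s*$",
    re.IGNORECASE,
)
PORT_NAMES = {"ftp": 21, "ftp-data": 20}  # IOS port keywords used here

def _port(token):
    if token is None:
        return None  # no "eq" on this side: any port matches
    return PORT_NAMES.get(token.lower()) or int(token)

def parse_ace(line):
    """Parse one 'permit tcp host A [eq P] host B [eq P]' entry."""
    m = ACE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported ACE: {line!r}")
    return {"src": m["src"], "sport": _port(m["sport"]),
            "dst": m["dst"], "dport": _port(m["dport"])}

def ace_matches(ace, pkt):
    """pkt is (src_ip, src_port, dst_ip, dst_port) of one TCP segment."""
    src, sport, dst, dport = pkt
    return (ace["src"] == src and ace["dst"] == dst
            and ace["sport"] in (None, sport)
            and ace["dport"] in (None, dport))

# Constructed sample values: X and Y are documentation addresses.
X, Y = "192.0.2.10", "198.51.100.20"
OPTION_1 = f"access-list 101 permit tcp host {X} eq ftp host {Y}"
OPTION_2 = f"access-list 101 permit tcp host {X} host {Y} eq ftp"
# X is the FTP client: ephemeral source port, destination port 21 on Y.
X_CLIENT_TO_Y = (X, 49152, Y, 21)
# X is the FTP server: its replies to client Y carry source port 21.
X_SERVER_TO_Y = (X, 21, Y, 49152)

def compare():
    """Return {option: (matches X-as-client, matches X-as-server)}."""
    result = {}
    for name, line in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        ace = parse_ace(line)
        result[name] = (ace_matches(ace, X_CLIENT_TO_Y),
                        ace_matches(ace, X_SERVER_TO_Y))
    return result

if __name__ == "__main__":
    for name, (as_client, as_server) in compare().items():
        print(f"{name}: X as client -> {as_client}, X as server -> {as_server}")
```

The port keyword binds to the address immediately before it, so which option is right depends on whether X is the FTP client or the FTP server.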