From: Ajay mehra (ajaymehra01@gmail.com)
Date: Thu Aug 14 2008 - 04:15:04 ART
Hi,
Need your help in understanding this behaviour.
I have three routers connected back to back.
(inside)R1--------R2------R3(outside)
R1 is on the inside interface of R2 and R3 is on the outside of R2.
On R2 I have enabled source address translation. From R1 when I ping R3,
a NAT entry is created in R2. Assuming that I do not have any entry in the NAT
table, if I ping from R3 to R2 I can ping successfully. Now this is where I
have a doubt. If I replace R2 with a PIX I am sure I won't be able to
ping from R3 to R2 if I do not have an entry in the xlate table, because traffic
comes in on the outside interface with no entry in xlate. Is it because on
the IOS firewall we do not have security levels assigned like we have in PIX/ASA?
On R2 the configs are:
interface GigabitEthernet0
 ip nat inside
interface GigabitEthernet1
 ip nat outside
ip nat inside source list 45 interface GigabitEthernet1 overload
Thanks for your help,
Ajay
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART