From: Ajay mehra (ajaymehra01@gmail.com)
Date: Tue Nov 25 2008 - 08:43:41 ARST
Hi,
I got this doubt while doing lab 5 from IE WB. Is there any difference
between NAT and reflexive ACLs with respect to the question below? I was sure
that I do not need 'nat' at all in this case.
Question says:
After recent security issues related to servers located in VLAN 4 a new
corporate policy dictates that R4 be hardened according to the following
requirements:
- Treat R4's interface E0/0 as the outside interface and all other interfaces
  as inside
- Disable CDP on the outside interface
- Drop packets that are source routed
- TCP or UDP sessions that were initiated from behind R4 should be permitted
  inbound from the outside
- Allow access to a server located at 10.4.4.100; outside users should be able
  to connect to this server using IP address 204.12.X.100
All of my config was good and working, except that the solution guide enables
NAT on the inside and outside interfaces. I am not sure what specific
requirement calls for enabling NAT when I have reflexive ACLs enabled, which
would make sure that I do not accept any traffic from the outside except
traffic permitted explicitly.
Can you please clarify?
Thanks,
Ajay
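
The requirements quoted above mapped to IOS commands, as an added example that is not part of the original post or of the workbook's solution guide: the reflexive ACL covers the returning-session requirement, and the static NAT entry covers reaching 10.4.4.100 through 204.12.X.100. The ACL names, the reflexive list name and the inside interface placeholder are assumptions; X is left as written on the page.

```cisco
! Added example. Names OUTBOUND, INBOUND and SESSIONS are hypothetical.
! "X" is the placeholder used on the page, not a literal value.
!
! Drop packets that are source routed (global setting).
no ip source-route
!
! Static NAT: inside local 10.4.4.100 <-> inside global 204.12.X.100.
! A reflexive ACL only filters; it does not change addresses, so it
! cannot make 10.4.4.100 answer for 204.12.X.100.
ip nat inside source static 10.4.4.100 204.12.X.100
!
! Outbound: track TCP/UDP sessions initiated from behind R4.
! On the way out, NAT runs before the output ACL, so replies from the
! server are seen here with source 204.12.X.100.
ip access-list extended OUTBOUND
 permit tcp any any reflect SESSIONS
 permit udp any any reflect SESSIONS
!
! Inbound: the input ACL runs before NAT, so the server is matched
! by its translated (global) address.
ip access-list extended INBOUND
 evaluate SESSIONS
 permit ip any host 204.12.X.100
 ! Assumption: any routing protocol or management traffic the topology
 ! needs on this link must also be permitted here; the implicit deny
 ! drops everything else.
!
interface Ethernet0/0
 no cdp enable
 ip nat outside
 ip access-group INBOUND in
 ip access-group OUTBOUND out
!
! Repeat for every other interface ("all other interfaces as inside").
! <inside-interface> is a placeholder; the page does not name them.
interface <inside-interface>
 ip nat inside
```

On a router with this applied, `show ip nat translations` lists the static entry, and `show ip access-lists SESSIONS` lists the temporary entries created by outbound sessions.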
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST