Re: Difference between NAT and Reflexive ACLs

From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Tue Nov 25 2008 - 09:11:00 ARST


How can you achieve this with Reflexive ACLs?

"Allow access to a server located at 10.4.4.100; outside users should be
able to connect to this server using IP address 204.12.X.100"
Regards

Farrukh
On Tue, Nov 25, 2008 at 1:43 PM, Ajay mehra <ajaymehra01@gmail.com> wrote:

> Hi,
>
> I got this doubt while doing lab 5 from IE WB. Is there any difference
> between NAT and Reflexive acls with respect to below question? I was sure
> that I do not need 'nat' at all in this case.
>
> Question says:
>
> After recent security issues related to servers located in VLAN 4 a new
> corporate policy dictates that R4 be hardened according to the following
> requirements:
>
> Treat R4's interface E0/0 as the outside interface and all other interfaces
> as inside
>
> Disable CDP on the outside interface
>
> Drop packets that are source routed
>
> TCP or UDP sessions that were initiated from behind R4 should be permitted
> inbound from the outside
>
> Allow access to a server located at 10.4.4.100; outside users should be
> able to connect to this server using IP address 204.12.X.100
>
>
>
> All of my config was good and working except the solution guide enables nat
> on inside and outside interfaces. I am not sure what specific requirement
> calls for enabling NAT when I have reflexive acls enabled and which would
> make sure that I do not accept any traffic from the outside except
> permitted explicitly.
>
>
>
> Can you please clarify?
>
>
>
> Thanks,
>
> Ajay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
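
Added example, not part of the original thread or the workbook's solution guide: a classic IOS sketch of how the two features split the requirements, with the reflexive ACL doing the stateful filtering and static NAT making 10.4.4.100 reachable as 204.12.X.100. The inside interface Ethernet0/1 and the names OUTBOUND, INBOUND and SESSIONS are assumptions; 204.12.X.100 is kept with the lab's placeholder X exactly as the question gives it.

```cisco
! Assumed inside interface; the question only says "all other interfaces".
interface Ethernet0/1
 ip nat inside
!
interface Ethernet0/0
 ip nat outside
 no cdp enable
 ! Filtering: outbound sessions are recorded, inbound traffic is checked.
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
no ip source-route
!
! Address translation: the only line that makes the server answer on
! 204.12.X.100. A reflexive ACL permits or denies packets; it never
! rewrites an address.
ip nat inside source static 10.4.4.100 204.12.X.100
!
ip access-list extended OUTBOUND
 ! Each TCP/UDP session leaving E0/0 creates a temporary mirror entry
 ! in the reflexive list SESSIONS (hypothetical name).
 permit tcp any any reflect SESSIONS
 permit udp any any reflect SESSIONS
!
ip access-list extended INBOUND
 ! Return traffic for sessions started from behind R4.
 evaluate SESSIONS
 ! New connections to the server. The inbound ACL is checked before the
 ! outside-to-inside translation, so it matches the global address.
 permit ip any host 204.12.X.100
 ! Everything else hits the implicit deny.
```

Without the `ip nat inside source static` line, the INBOUND entry would still permit packets addressed to 204.12.X.100, but nothing would map that address to 10.4.4.100.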




This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST