From: Ajay mehra (ajaymehra01@gmail.com)
Date: Tue Nov 25 2008 - 09:23:00 ARST
Thanks Shahnawaz and Farrukh,
I did not understand the question in the correct way. What I understood was
"outside users will be connecting to 10.4.4.100 using source address
204.12.1.100"
Time to remind myself of the most basic rule of the CCIE lab: "do not overthink" :)
Thanks guys,
Ajay
2008/11/25 Farrukh Haroon <farrukhharoon@gmail.com>
> How can you achieve this with Reflexive ACLs?
>
> "Allow access to a server located at 10.4.4.100; outside users should be able
> to connect to this server using IP address 204.12.X.100"
> Regards
>
> Farrukh
> On Tue, Nov 25, 2008 at 1:43 PM, Ajay mehra <ajaymehra01@gmail.com> wrote:
>
>> Hi,
>>
>> I got this doubt while doing lab 5 from IE WB. Is there any difference
>> between NAT and Reflexive acls with respect to below question? I was sure
>> that I do not need 'nat' at all in this case.
>>
>> Question says:
>>
>> After recent security issues related to servers located in VLAN 4 a new
>> corporate policy dictates that R4 be hardened according to the following
>> requirements:
>>
>> Treat R4's interface E0/0 as the outside interface and all other interfaces
>> as inside
>>
>> Disable CDP on the outside interface
>>
>> Drop packets that are source routed
>>
>> TCP or UDP sessions that were initiated from behind R4 should be permitted
>> inbound from the outside
>>
>> Allow access to a server located at 10.4.4.100; outside users should be able
>> to connect to this server using IP address 204.12.X.100
>>
>>
>>
>> All of my config was good and working except the solution guide enables NAT
>> on inside and outside interfaces. I am not sure what specific requirement
>> calls for enabling NAT when I have reflexive ACLs enabled and which would
>> make sure that I do not accept any traffic from the outside except permitted
>> explicitly.
>>
>>
>>
>> Can you please clarify?
>>
>>
>>
>> Thanks,
>>
>> Ajay
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST