From: Shahid Ansari (shahid1357@gmail.com)
Date: Tue Feb 17 2009 - 04:20:48 ARST
Dear Sousa,
The main difference between identity NAT and NAT exemption is that with
identity NAT, the traffic must be sourced from the address specified with
the nat 0 statement, whereas with NAT exemption, traffic can be initiated by
the hosts on either side of the security appliance. NAT exemption is a
preferred method to bypass traffic when it is over a VPN tunnel.
also In NAT exemption, the ACL cannot use TCP-UDP ports
Thanks
Shahid Ansari
On Tue, Feb 17, 2009 at 1:55 AM, Vladimir Sousa <vladrac@gmail.com> wrote:
> Hello Everyone,
>
> What is the real difference between Identity Nat and Nat exemption?
>
> Identity Nat: nat (interface) 0 ip mask
> Nat exempt : nat (interface) 0 access-list
>
> when using nat-control
> the first one creates on NAT that translate IPs to the same IPs
> the second doesnt create any nat translation, but permit access to the IPs
> on the ACL
>
> So, what the real difference and what are the cases to use one or the
> other?
>
> Vlad CCIE R&S 19718
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST