Hi,
What is the effect of the deny statement in the extended ACL for the source
list in the NAT statement?
ip access-list extended NAT
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
Why not just a permit statement?
Thanks
On Sun, May 15, 2011 at 6:04 AM, garry baker <baker.garry_at_gmail.com> wrote:
> yep i was just stating generic reason for using route-map like you said its
> flexibility...
>
> that happens a lot, like in BGP where you can set things on the neighbor
> statements but also use a route-map, just about the flexibility in any
> case,
> cause you never know down the road you need to add that next level and if
> you have the route-map, you are all set...
>
> you are on the right track as for the lab exam though, have to know and
> understand all the options cause they will take most of them away from you
> first thing you know...
>
> --
> Garry L. Baker
>
> "With sufficient thrust, pigs fly just fine..." - RFC 1925
>
>
>
> On Sun, May 15, 2011 at 7:45 AM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
>
> > Thanks Garry/Andrew,
> >
> > @Garry:
> > Actually, I have mentioned, I have specific scenario - 2 interfaces
> > -inside and outside only. no dual-homing etc.
> >
> > >>Noticed, I am not tweaking any metric or anything.
> > so still can't see why would anyone will use in my examples route-map.
> > both route-map and simple nat acl are producing the same result.
> >
> > I think as you both have mentioned - route-map is flexible and list ACL
> > is not.
> >
> > Need to read between the lines for this one or Just use the route-map.
> >
> >
> >
> >
> > On Sun, May 15, 2011 at 1:17 PM, garry baker <baker.garry_at_gmail.com> wrote:
> >
> >> Note 2
> >> The advantage of using route-maps is that under the match command you can
> >> have more options other than source IP address. For example, under the
> >> route-map, match interface or match ip next-hop can be specified. By using
> >> route-maps, you can specify the IP address as well as the interface or the
> >> next-hop address to which the packet is to be forwarded. Therefore,
> >> route-maps with NAT are used in a scenario where the subscriber is
> >> multi-homing to different ISPs.
> >>
> >>
> >>
> >> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
> >>
> >> --
> >> Garry L. Baker
> >>
> >> "With sufficient thrust, pigs fly just fine..." - RFC 1925
> >>
> >>
> >>
> >> On Sun, May 15, 2011 at 4:51 AM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
> >>
> >>> Folks,
> >>> In below scenario where I am excluding 192.168.1.0/24 from NAT - in what
> >>> scenario I'd use route-map?
> >>> Noticed, I am not tweaking any metric or anything.
> >>>
> >>> Task# exclude 192.168.1.0/24 from NAT
> >>>
> >>> My understanding is both solution will work but easier one is solution#2
> >>> without route-map. Save time in typing :)
> >>>
> >>> what are your thoughts?
> >>>
> >>> --------------- Solution#1----------------
> >>> ip access-list extended NAT
> >>> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> >>> permit ip any any
> >>>
> >>> route-map POLICY-NAT 10
> >>> match ip address NAT
> >>>
> >>> ip nat source route-map POLICY-NAT interface s0/0 overload
> >>>
> >>> interface f1/0
> >>> ip nat inside
> >>>
> >>> interface s0/0
> >>> ip nat outside
> >>>
> >>> ----------Solution#2---------------
> >>> ip access-list extended NAT
> >>> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> >>> permit ip any any
> >>>
> >>> ip nat source list NAT interface s0/0 overload
> >>>
> >>> interface f1/0
> >>> ip nat inside
> >>>
> >>> interface s0/0
> >>> ip nat outside
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
--
Cherish your visions and your dreams as they are the children of your soul, the blueprints of your ultimate achievements. "Napoleon Hill"
There are no limitations to the mind except those we acknowledge; both poverty and riches are the offspring of thought. "Napoleon Hill"
Abdul Muhammed Murtala
American University of Nigeria
Lamido Zubairu way, Yola Adamawa
+2348052001153, +2348056201237
Network Manager
MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.

Received on Tue May 17 2011 - 06:53:10 ART
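Added example, not part of the original thread: a small Python model of how a NAT source list selects traffic, run against the ACL quoted above. It assumes standard IOS ACL semantics (first match wins, implicit deny at the end, wildcard bit 1 means "don't care") and that a deny in a NAT list leaves the packet untranslated rather than dropping it; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# ACL text copied from the thread. In a NAT source list, "permit" selects a
# packet for translation and "deny" exempts it (assumption: standard IOS
# behaviour; the packet is still forwarded, just with its original source).
ACL_NAT = """\
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
"""

def _parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(first)), wildcard

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines into ordered (action, src, dst)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL entry: {line!r}")
        entries.append((action, _parse_addr(tokens), _parse_addr(tokens)))
    return entries

def _matches(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def nat_decision(entries, src, dst):
    """Return 'translate' or 'no-translate' for a packet from src to dst."""
    for action, s, d in entries:  # first matching entry wins
        if _matches(src, *s) and _matches(dst, *d):
            return "translate" if action == "permit" else "no-translate"
    return "no-translate"  # implicit deny: packet is not selected for NAT

if __name__ == "__main__":
    acl = parse_acl(ACL_NAT)
    # Constructed test packets (203.0.113.9 is a documentation address).
    for src, dst in [("192.168.1.10", "192.168.2.20"),
                     ("192.168.1.10", "203.0.113.9"),
                     ("10.0.0.5", "192.168.2.20")]:
        print(f"{src} -> {dst}: {nat_decision(acl, src, dst)}")
```

With a lone "permit ip any any" the first packet would also be translated; the deny line exempts only traffic from 192.168.1.0/24 to 192.168.2.0/24, and the same hosts are still translated toward any other destination.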
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART