[nsp] stupid NAT tricks
Christopher J. Wolff
chris at bblabs.com
Sun Feb 29 20:49:32 EST 2004
Gareth,
After RTFM'ing it seems that NAT'ing with route maps creates a great deal of
flexibility while at the same time creating about five layers of complexity
:)
Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
-----Original Message-----
From: Gareth Bromley [mailto:gbromley at intstar.com]
Sent: Sunday, February 29, 2004 12:29 PM
To: Christopher J. Wolff
Cc: cisco-nsp at puck.nether.net
Subject: RE: [nsp] stupid NAT tricks
On Sun, 29 Feb 2004, Christopher J. Wolff wrote:
> You have a good point sir. I suppose I've never thought of using the NAT
> ACL to control what destination can be NAT'ed to, I've only thought of it
in
> the context of which nat inside hosts get access to the internet.
And while were talking NAT and ACLs, its best to use route-maps with NAT
as they generate extended NAT entries i.e. src address/port and dst
address/port which ACLs dont do as they tend to create standard NAT
entriess.
See www.cisco.com for more useful information, as this 'bites' you if you
do multi NAT outsides to different address ranges.
Enjoy
G
More information about the cisco-nsp
mailing list