[nsp] stupid NAT tricks

Christopher J. Wolff chris at bblabs.com
Sun Feb 29 14:03:06 EST 2004


Gert,

You have a good point sir.  I suppose I've never thought of using the NAT
ACL to control what destination can be NAT'ed to, I've only thought of it in
the context of which nat inside hosts get access to the internet.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de] 
Sent: Sunday, February 29, 2004 11:49 AM
To: Christopher J. Wolff
Cc: 'Gert Doering'; cisco-nsp at puck.nether.net
Subject: Re: [nsp] stupid NAT tricks

Hi,

On Sun, Feb 29, 2004 at 11:43:00AM -0700, Christopher J. Wolff wrote:
> Thank you for the clarification.  Wouldn't I want to give the client
inside
> the 'ip nat inside' interface a static non-routable IP and then exclude
that
> client from the NAT ACL?  

I don't fully grok that question.

If the IP is non-routeable, and you exclude it from NAT, what do you gain?

gert
-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de



More information about the cisco-nsp mailing list