[nsp] stupid NAT tricks
Gareth Bromley
gbromley at intstar.com
Sun Feb 29 14:28:34 EST 2004
On Sun, 29 Feb 2004, Christopher J. Wolff wrote:
> You have a good point sir. I suppose I've never thought of using the NAT
> ACL to control what destination can be NAT'ed to, I've only thought of it in
> the context of which nat inside hosts get access to the internet.
And while were talking NAT and ACLs, its best to use route-maps with NAT
as they generate extended NAT entries i.e. src address/port and dst
address/port which ACLs dont do as they tend to create standard NAT
entriess.
See www.cisco.com for more useful information, as this 'bites' you if you
do multi NAT outsides to different address ranges.
Enjoy
G
More information about the cisco-nsp
mailing list