[c-nsp] PAT allowing incoming translations?

Michael Markstaller mm at elabnet.de
Tue Feb 8 11:34:11 EST 2005


> -----Original Message-----
> From: Brian Feeny
> Sent: Tuesday, February 08, 2005 4:02 PM
> To: 'cisco-nsp'
> Subject: [c-nsp] PAT allowing incoming translations?
> 
> 
> I was under the (possibly wrong) impression that PAT does not allow any
> incoming translations unless you specifically define them.  I have a
> router, running PAT, and if I telnet to port 135 of the pool's single
> address, it connects me to port 135 of one of my inside Windows boxes.

I've seen similar behavior, my learning from that was to always block
incoming traffic to NATed IPs by outside ACL and run CBAC (inspect
out) on the outside interface.

Michael
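
The approach described in the reply above, as an added IOS configuration sketch that is not part of the original message. All addresses, interface names and the names PATPOOL, OUTSIDE-IN and FW are constructed for illustration: 192.0.2.10 stands in for the pool's single address and 10.0.0.0/24 for the inside network.

```ios
! Constructed example values, not taken from the thread:
!   192.0.2.10       = single PAT pool address
!   10.0.0.0/24      = inside network
!   FastEthernet0/0  = outside interface, FastEthernet0/1 = inside interface
!
! PAT: inside hosts share the one pool address
ip nat pool PATPOOL 192.0.2.10 192.0.2.10 prefix-length 24
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 1 pool PATPOOL overload
!
! CBAC rule: track sessions that inside hosts originate
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL on the outside interface. It is evaluated before NAT
! translates the destination, so it matches on the PAT address itself.
! CBAC adds temporary permits above these entries for return traffic only.
ip access-list extended OUTSIDE-IN
 remark Permits for traffic that must reach the router itself go here
 deny   ip any host 192.0.2.10 log
 deny   ip any any
!
interface FastEthernet0/0
 description outside
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
interface FastEthernet0/1
 description inside
 ip nat inside
```

To check the result, repeat the telnet to port 135 of the PAT address from outside: it should fail, and the hit counter on the first deny entry in `show access-lists OUTSIDE-IN` should increase, while `show ip inspect sessions` lists only sessions opened from the inside.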



