https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779390#M914814 <P>Thanks a lot !</P> Mon, 25 Jan 2016 19:23:37 GMT johan oosterwaal 2016-01-25T19:23:37Z https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779386#M914808 <P>Hello,</P> <P>I have a question what is the best pratice for static NAT and access-list. Example:</P> <P>web server(192.168.1.1) inside to outside(10.10.10.10) with port 80 and 443.</P> <P>ip nat inside source static tcp 192.168.1.1 80 10.10.10.10 80</P> <P>ip nat inside source static tcp 192.168.1.1 443 10.10.10.10 443</P> <P>Or&nbsp;</P> <P>ip nat inside source static 192.168.1.1 10.10.10.10</P> <P>Access-list 101 permit tcp any host 10.10.10.10 eq 80</P> <P>Access-list 101 permit tcp any host 10.10.10.10 eq 443</P> <P><BR />interface ethernet0<BR />ip access-group 101 in</P> <P></P> <P>Thanks</P> Fri, 21 Feb 2020 13:42:34 GMT https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779386#M914808 johan oosterwaal 2020-02-21T13:42:34Z https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779387#M914811 <P>Always use 1:1 NAT if you can over individual PAT entries. &nbsp;Use access-lists to control permissions rather than relying on NAT.</P> Fri, 22 Jan 2016 22:18:56 GMT https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779387#M914811 Philip D'Ath 2016-01-22T22:18:56Z https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779388#M914812 <P>hello&nbsp;Philip,</P> <P>Thanks for the reply. Is there a security reason why you would do it like this?.</P> <P>i'm just curious&nbsp;</P> Mon, 25 Jan 2016 09:20:57 GMT https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779388#M914812 johan oosterwaal 2016-01-25T09:20:57Z https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779389#M914813 <P>Operational reasons - it break fewer things.</P> Mon, 25 Jan 2016 09:23:14 GMT https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779389#M914813 Philip D'Ath 2016-01-25T09:23:14Z https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779390#M914814 <P>Thanks a lot !</P> Mon, 25 Jan 2016 19:23:37 GMT https://community.cisco.com/t5/network-security/static-nat-vs-access-list/m-p/2779390#M914814 johan oosterwaal 2016-01-25T19:23:37Z