
CBAC and NAT

rkfcepsa1
Level 1

Hello,

I have a 2811 Series Router with C2800NM-ADVIPSERVICESK9-M, Version 12.4(20)T.

My config is:

ETH1 : inside 192.168.1.10

S0/0/0 : outside, Encap PPP, outside 41.12.110.165

CBAC applied on S0/0/0 (inspect out)

Inbound access list applied on S0/0/0 to permit only the inspected traffic to return from outside.

Our ISP requested to NAT the traffic with source address 192.168.80.60

I've configured the NAT, but the problem is that the returning traffic will be sent to 192.168.80.60 (I've seen my inbound S0/0/0 access list blocking traffic sent to 192.168.80.60).

So, are there any secure changes that we can make to change the order of operation of NAT / CBAC, in order to treat packets by NAT first and then pass them all to the access lists or CBAC?

Your help will be appreciated.

Thanks


guibarati
Level 4

Hi,

It seems the problem is something else, not the order of things.

If the NAT is done first when the packet goes out, then the CBAC will see the NATed source.

If the CBAC is done first, then it will see the original source going out and the original source coming back (since it will be deNATed back before arriving at CBAC).
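
Added example, not part of the thread or of any Cisco code: a simplified Python model of the documented classic IOS order of operations (outbound: NAT, then CBAC inspection; inbound: interface ACL, then NAT), using the addresses from the question. The remote host 203.0.113.5, the `Router` class and the list of inspected protocols are assumptions made for illustration; ports and timeouts are left out.

```python
# Simplified model (added example) of one outside interface with NAT,
# an inbound ACL and "inspect out". Not Cisco code; ports are omitted.
from dataclasses import dataclass, field

INSIDE_HOST = "192.168.1.10"    # inside address from the question
NAT_GLOBAL = "192.168.80.60"    # source address requested by the ISP
REMOTE = "203.0.113.5"          # constructed remote host (documentation range)


@dataclass
class Router:
    nat: dict = field(default_factory=dict)      # global addr -> inside addr
    sessions: set = field(default_factory=set)   # CBAC state (post-NAT tuples)
    inspected: tuple = ("tcp", "udp")            # hypothetical inspect rule
    log: list = field(default_factory=list)

    def outbound(self, proto, src, dst):
        """Inside -> outside: routing, then NAT, then CBAC inspection."""
        self.nat[NAT_GLOBAL] = src               # one-to-one mapping for the demo
        if proto in self.inspected:
            # CBAC runs after NAT, so its state holds the translated address.
            self.sessions.add((proto, dst, NAT_GLOBAL))
        return (proto, NAT_GLOBAL, dst)

    def inbound(self, proto, src, dst):
        """Outside -> inside: inbound ACL first, NAT outside->inside second."""
        # The ACL (deny all + CBAC temporary openings) is evaluated before
        # de-NAT, so it sees the global address as the destination.
        self.log.append(("acl-sees-dst", dst))
        if (proto, src, dst) not in self.sessions:
            return None                          # dropped by the inbound ACL
        return (proto, src, self.nat[dst])       # translated back after the ACL


if __name__ == "__main__":
    r = Router()
    print(r.outbound("tcp", INSIDE_HOST, REMOTE))   # leaves with the NAT source
    print(r.inbound("tcp", REMOTE, NAT_GLOBAL))     # inspected: permitted
    r.outbound("icmp", INSIDE_HOST, REMOTE)         # not in the inspect rule
    print(r.inbound("icmp", REMOTE, NAT_GLOBAL))    # None: ACL drop
```

In this model the inbound ACL always sees 192.168.80.60 as the destination, so a drop logged against that address means no CBAC session matched the returning packet rather than NAT and CBAC running in the wrong order.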
