12-11-2013 04:01 AM - edited 03-11-2019 08:16 PM
Please can someone explain the following...
Why do some people define a service, for example 3389 or http, in their static NAT rule?
Is it not easier to use service IP and then define what you want through an access list?
12-11-2013 04:12 AM
Hi,
I guess you are asking why some people configure Static PAT (Port Forward) rather than Static NAT?
In some cases that I have seen I would say using Static PAT is just a mistake in the configuration format by the user. What I mean is that I think the users think that this is how it's supposed to be done and end up with a messy NAT configuration as each port requires its own "nat" configuration.
In some cases naturally the user might not have any other public IP addresses other than the one configured on their external interface and then the only option is to use Static PAT.
If you have free IP addresses at your disposal then I would suggest going with Static NAT instead of Static PAT and controlling the allowed ports with the ACL as you mentioned.
Hope this helps
- Jouni
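The two approaches compared in this answer, side by side, as an added example that is not part of the original post. It assumes Cisco ASA 8.3+ object NAT syntax; the object names, interface names, ACL name and addresses are constructed for illustration.

```cisco
! Added example, not from the thread. Assumes ASA 8.3+ object NAT.
! All names and addresses are constructed (RFC 1918 / RFC 5737 ranges).
! Options A and B are alternatives; do not load both for the same host.

! --- Option A: Static PAT (port forward), one NAT rule per service ---
! Needed when the only public IP is the outside interface address,
! or when the mapped (public) port must differ from the real port.
! Each object holds a single "nat" line, so every port needs its own object.
object network SRV-RDP
 host 192.168.10.10
 nat (inside,outside) static interface service tcp 3389 3389
object network SRV-HTTP
 host 192.168.10.10
 ! real port 80 on the server, published as 8080 on the outside
 nat (inside,outside) static interface service tcp www 8080

! --- Option B: Static NAT with a spare public IP, ports filtered by ACL ---
! One NAT rule translates the whole host; the ACL decides what is reachable.
object network SRV-STATIC
 host 192.168.10.10
 nat (inside,outside) static 203.0.113.10

! On 8.3+ the interface ACL matches the real (untranslated) address and port.
access-list OUTSIDE-IN extended permit tcp any object SRV-STATIC eq 3389
access-list OUTSIDE-IN extended permit tcp any object SRV-STATIC eq www
access-group OUTSIDE-IN in interface outside
```

Option A still needs matching permit entries in the outside ACL; the NAT rule alone does not allow the traffic. With Option B, any port missing from the ACL stays closed even though the whole address is translated.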
12-11-2013 06:59 AM
The only thing I can see it used for is in case you need a mapped port to a real port.
Is that what it's called, static PAT? I have attached an example which is not using the outside interface, just a public that is available.
I will change the service to use IP and define the ports that are allowed through on the access list.
Thanks
James.