NAT and Access List

James Hoggard
Level 1

Please can someone explain the following...

Why do some people define a service, for example 3389 or http, in their static NAT rule?

Is it not easier to use service IP and then define what you want through an access list?

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

I guess you are asking why some people configure Static PAT (Port Forward) rather than Static NAT?

In some cases that I have seen I would say using Static PAT is just a mistake in the configuration format by the user. What I mean is that I think the users think that this is how it's supposed to be done and end up with a messy NAT configuration as each port requires its own "nat" configuration.

In some cases naturally the user might not have any other public IP addresses other than the one configured on their external interface and then the only option is to use Static PAT.

If you have free IP addresses at your disposal then I would suggest going with Static NAT instead of Static PAT and controlling the allowed ports with the ACL as you mentioned.

Hope this helps

- Jouni
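The two approaches from the answer above, side by side, as an added example that is not part of the original post. It assumes Cisco ASA 8.3+ object NAT syntax; the object names, the ACL name and all addresses (10.0.0.10 inside, 203.0.113.10 public) are constructed for illustration.

```cisco
! Constructed example. Options A and B are alternatives, not one config.
!
! Option A: Static PAT (port forward).
! Only the listed port is translated, and each additional port needs its
! own object and its own "nat" line. This is the form to use when the only
! public address is the one on the outside interface, or when the mapped
! port must differ from the real port.
object network SRV-RDP
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10 service tcp 3389 3389
object network SRV-HTTP
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10 service tcp 80 80
!
! Option B: Static NAT with a spare public address.
! One "nat" line translates every port, so the ACL is the only thing
! deciding which services are reachable from outside.
object network SRV
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
!
! Inbound ACL (needed with either option). From 8.3 onward the ACL matches
! the real (inside) address, not the mapped one. Permit only the ports that
! are required; a "permit ip any host 10.0.0.10" entry combined with
! Option B would expose every service on the server.
access-list OUTSIDE-IN extended permit tcp any host 10.0.0.10 eq 3389
access-list OUTSIDE-IN extended permit tcp any host 10.0.0.10 eq 80
access-group OUTSIDE-IN in interface outside
```

With Option B, reviewing the exposure of the server means reviewing the ACL alone, since the translation no longer restricts ports.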

2 Replies

The only thing I can see it used for is in case you need a mapped port to a real port.

Is that what it's called, static PAT? I have attached an example which is not using the outside interface, just a public that is available.

I will change the service to use IP and define the ports that allowed through on the access list.

Thanks

James.