
policy static nat

Hello, I have a question regarding policy static NAT.

Let's suppose I have source 10.1.1.1/32 natted to 20.1.1.1/32 with destination 30.0.0.0/8.

It means that 10.1.1.1 going to 30.0.0.0/8 will be natted to 20.1.1.1, and 30.0.0.0/8 can reach 10.1.1.1/32 through the natted IP 20.1.1.1.

My doubt is: is that enough (ACL applied to NAT), or do I also have to apply an ACL to the interface allowing traffic from 30.0.0.0/8 to 20.1.1.1?

Testing with packet trace, it seems it is not enough.

Thanks

1 Reply

Julio Carvajal
VIP Alumni

Hello,

As long as an outbound connection has been created, the returning traffic will be allowed for the existing connection.

Are you using a static policy NAT?

Are you trying to initiate a connection from the other side (30.x.x.x)?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC