01-22-2016 07:10 AM - edited 02-21-2020 05:42 AM
Hello,
I have a question: what is the best practice for static NAT and access-list? Example:
Web server (192.168.1.1) inside to outside (10.10.10.10) with ports 80 and 443.
ip nat inside source static tcp 192.168.1.1 80 10.10.10.10 80
ip nat inside source static tcp 192.168.1.1 443 10.10.10.10 443
Or
ip nat inside source static 192.168.1.1 10.10.10.10
Access-list 101 permit tcp any host 10.10.10.10 eq 80
Access-list 101 permit tcp any host 10.10.10.10 eq 443
interface ethernet0
ip access-group 101 in
Thanks
01-22-2016 02:18 PM
Always use 1:1 NAT if you can over individual PAT entries. Use access-lists to control permissions rather than relying on NAT.
01-25-2016 01:20 AM
Hello Philip,
Thanks for the reply. Is there a security reason why you would do it like this?
I'm just curious.
01-25-2016 01:23 AM
Operational reasons - it breaks fewer things.
01-25-2016 11:23 AM
Thanks a lot !