Static NAT vs Access-List

Hello,

I have a question: what is the best practice for static NAT and access-list? Example:

Web server (192.168.1.1) inside to outside (10.10.10.10) with ports 80 and 443.

ip nat inside source static tcp 192.168.1.1 80 10.10.10.10 80

ip nat inside source static tcp 192.168.1.1 443 10.10.10.10 443

Or 

ip nat inside source static 192.168.1.1 10.10.10.10

Access-list 101 permit tcp any host 10.10.10.10 eq 80

Access-list 101 permit tcp any host 10.10.10.10 eq 443


interface ethernet0
ip access-group 101 in

Thanks


Philip D'Ath
VIP Alumni

Always use 1:1 NAT if you can over individual PAT entries.  Use access-lists to control permissions rather than relying on NAT.
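An added example, not part of the original thread: a small Python audit of the 1:1 NAT plus access-list pattern recommended above, reporting which services stay reachable on the NAT global address. It handles only numbered `access-list N permit <proto> any ...` entries and, as a simplifying assumption, treats any inbound `ip access-group` as the outside filter; the function name and both sample configs are constructed for illustration.

```python
import re

# Constructed sample: the thread's second option (1:1 static NAT plus ACL 101).
WITH_ACL = """\
ip nat inside source static 192.168.1.1 10.10.10.10
access-list 101 permit tcp any host 10.10.10.10 eq 80
access-list 101 permit tcp any host 10.10.10.10 eq 443
interface ethernet0
 ip access-group 101 in
"""
# Constructed sample: same NAT entry, but the ACL is never applied to an interface.
NO_ACL = WITH_ACL.replace(" ip access-group 101 in\n", "")

NAT = re.compile(r"ip nat inside source static (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$", re.I)
ACE = re.compile(r"access-list (\d+) permit (\w+) any (any|host \S+)(?: eq (\S+))?$", re.I)
GROUP = re.compile(r"ip access-group (\d+) in$", re.I)

def exposed_services(config):
    """Map each 1:1 NAT global address to the services reachable from outside."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    nat_globals = [m.group(2) for l in lines if (m := NAT.match(l))]
    applied = {m.group(1) for l in lines if (m := GROUP.match(l))}
    aces = [m.groups() for l in lines if (m := ACE.match(l))]
    report = {}
    for gip in nat_globals:
        if not applied:
            # 1:1 NAT translates every port, so with no inbound ACL nothing is filtered.
            report[gip] = ["all"]
            continue
        services = set()
        for acl, proto, dest, port in aces:
            if acl in applied and dest.lower() in ("any", f"host {gip}"):
                services.add(f"{proto.lower()}/{port}" if port else f"{proto.lower()}/all")
        report[gip] = sorted(services)  # empty list: implicit deny blocks everything
    return report

if __name__ == "__main__":
    for name, cfg in (("with ACL", WITH_ACL), ("ACL not applied", NO_ACL)):
        print(name, exposed_services(cfg))
```

Port-specific entries such as `ip nat inside source static tcp 192.168.1.1 80 10.10.10.10 80` are deliberately not matched, since they forward only the listed port.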

Hello Philip,

Thanks for the reply. Is there a security reason why you would do it like this?

I'm just curious.

Operational reasons - it breaks fewer things.

Thanks a lot!
