09-02-2004 12:30 AM - edited 03-09-2019 08:41 AM
Hi,
Wondering if you could clear my doubts on this:
interface e4 172.16.25.0 255.255.255.128 sec10
interface e1 172.16.25.193 255.255.255.224 sec100
If I disabled translation between the two interfaces:
static (e1,e4) 172.16.25.0 172.16.25.0 netmask 255.255.255.0
1) Comms will pass through from int e1 to int e4 w/o any problems. Correct me on this if necessary.
2) In the event I need a host from e4 (172.16.25.196)
to get to a host in e1 (172.16.25.20), I'll have to declare a static
>access-list test permit tcp host 172.16.25.196 host 172.16.25.20 eq telnet
3) If I were to declare an ACL at interface e1
>access-list ping_test permit icmp any any
Does it mean that the comms between higher to lower still
exist, OR do I have to start applying ACLs as well for every traffic that goes inbound/outbound via int e1 (i.e. the logic of comms passing from high>low w/o problems no longer exists)?
09-02-2004 05:53 AM
Answers to your questions:
1) Comms will pass from e1 to e4, but only if you have a NAT/Global combo, NAT 0 statement, or static statement. You must have one of those to go from higher to lower. Lower to higher requires the same AND an ACL permitting the traffic.
2) Either a static or NAT 0 between the two, AND (not or) an access-list are required.
3) If you declare an access-list on e1, then you must type in ACL lines to permit all types of traffic you want to pass from higher to lower.
09-02-2004 08:34 PM
I am a big fan of "nat 0 access-lists".
If you don't need NAT then don't use it!
d.
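
Added example, not part of any post in this thread: a PIX 6.x-style configuration fragment that puts the three answers and the "nat 0 access-list" suggestion together. It assumes the interfaces are already named e1 (security 100) and e4 (security 10) as in the question; the ACL names no_nat, e4_in and e1_in, the host placement, and the extra www rule are constructed for illustration.

```cisco
: Assumed: interfaces already named e1 (security100) and e4 (security10).
: ACL names no_nat, e4_in and e1_in are hypothetical.

: Answers 1 and 2: a translation rule must exist before traffic passes
: in either direction. nat 0 with an access-list exempts the matching
: e1 <-> e4 traffic from address translation.
access-list no_nat permit ip 172.16.25.192 255.255.255.224 172.16.25.0 255.255.255.128
nat (e1) 0 access-list no_nat

: Answer 2: lower (e4) to higher (e1) needs the rule above AND an ACL
: bound inbound on the lower-security interface.
: Assumes 172.16.25.20 sits on e4 and 172.16.25.196 on e1, per the subnets.
access-list e4_in permit tcp host 172.16.25.20 host 172.16.25.196 eq telnet
access-group e4_in in interface e4

: Answer 3: once an ACL is bound to e1, only traffic it permits may leave
: e1; everything else hits the implicit deny at the end of the list, so
: each wanted flow has to be listed (the www line is a constructed sample).
access-list e1_in permit icmp any any
access-list e1_in permit tcp 172.16.25.192 255.255.255.224 172.16.25.0 255.255.255.128 eq www
access-group e1_in in interface e1
```

Keeping the e4_in and e1_in lists as narrow as the required flows preserves the separation between the two security levels that the nat 0 exemption would otherwise leave to the ACLs alone.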