clarification (high to low interface)

echelon360
Level 1

Hi,

wondering if you could clear my doubts on this

interface e4 172.16.25.0 255.255.255.128 sec10

interface e1 172.16.25.193 255.255.255.224 sec100

If I disabled translation between the two interfaces

static (e1,e4) 172.16.25.0 172.16.25.0 netmask 255.255.255.0

1) Comms will pass through from int e1 to int e4 w/o any problems. Correct me on this if necessary.

2) In the event I need a host from e4 (172.16.25.196) to get to a host in e1 (172.16.25.20), I'll have to declare a static

>access-list test permit tcp host 172.16.25.196 host 172.16.25.20 eq telnet

3) If I were to declare an ACL at interface e1

>access-list ping_test permit icmp any any

Does it mean that the comms from higher to lower still exist, OR do I have to start applying ACLs as well for all traffic that goes inbound/outbound via int e1 (i.e. the logic of comms passing from high>low w/o problems no longer exists)?

2 Replies

tbissett
Level 1

Answers to your questions:

1) Comms will pass from e1 to e4, but only if you have a NAT/Global combo, NAT 0 statement, or static statement. You must have one of those to go from higher to lower. Lower to higher requires the same AND an ACL permitting the traffic.

2) Either a static or NAT 0 between the two, AND (not or) an access-list are required.

3) If you declare an access-list on e1, then you must type in ACL lines to permit all types of traffic you want to pass from higher to lower.
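
The three rules in the reply above, written out as a small decision function (an added example, not part of the original posts and not Cisco code). Interface names, addresses and ACL lines come from the question; `decide`, `LEVELS`, `XLATE`, `TEST` and `PING` are hypothetical names, and the model assumes ACLs are applied inbound on the interface where the packet arrives and tracks translation per interface pair rather than per address.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's setup: e1 is security 100, e4 is security 10.
LEVELS = {"e1": 100, "e4": 10}

def _match(spec, addr):
    """True if addr falls under an ACL address spec ('any', host or CIDR)."""
    return spec == "any" or ip_address(addr) in ip_network(spec)

def decide(in_if, out_if, proto, src, dst, port=None, xlate=(), acls=None):
    """Return (allowed, reason) for a new connection arriving on in_if.

    xlate: set of (higher_if, lower_if) pairs that have a static, nat 0 or
           nat/global rule (simplified: per interface pair, not per address).
    acls:  {interface: [(proto, src, dst, port_or_None), ...]}, assumed to be
           applied inbound on the interface where the packet arrives.
    """
    acls = acls or {}
    hi, lo = sorted((in_if, out_if), key=LEVELS.get, reverse=True)
    if (hi, lo) not in xlate:
        return False, "no static / nat 0 / nat+global between the interfaces"
    acl = acls.get(in_if)
    if acl is None:
        if LEVELS[in_if] > LEVELS[out_if]:
            return True, "higher to lower with no ACL on the ingress interface"
        return False, "lower to higher needs an ACL permit"
    for a_proto, a_src, a_dst, a_port in acl:
        if (a_proto == proto and _match(a_src, src) and _match(a_dst, dst)
                and a_port in (None, port)):
            return True, "matched an ACL permit line"
    return False, "ACL is applied, no line matched (implicit deny)"

XLATE = {("e1", "e4")}                                          # identity static from the question
TEST = {"e4": [("tcp", "172.16.25.196", "172.16.25.20", 23)]}   # ACL "test" (telnet)
PING = {"e1": [("icmp", "any", "any", None)]}                   # ACL "ping_test" on e1

if __name__ == "__main__":
    flows = [
        ("e1", "e4", "tcp", "172.16.25.20", "172.16.25.196", 80, XLATE, None),
        ("e4", "e1", "tcp", "172.16.25.196", "172.16.25.20", 23, XLATE, TEST),
        ("e4", "e1", "tcp", "172.16.25.196", "172.16.25.20", 80, XLATE, TEST),
        ("e1", "e4", "tcp", "172.16.25.20", "172.16.25.196", 80, XLATE, PING),
        ("e1", "e4", "icmp", "172.16.25.20", "172.16.25.196", None, XLATE, PING),
        ("e1", "e4", "tcp", "172.16.25.20", "172.16.25.196", 80, set(), None),
    ]
    for f in flows:
        print(f[:6], "->", decide(*f))
```

The fourth flow is the case asked about in question 3: once `ping_test` is bound to e1, ordinary higher-to-lower TCP is dropped by the implicit deny until a permit line is added for it.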

davecs
Level 1

I am a big fan of "nat 0 access-lists"

If you don't need NAT then don't use it!

d.