Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
1
Replies

NAT and Access-lists

rshullaw
Level 1
Level 1

‎01-20-2003 08:14 PM - edited ‎03-09-2019 01:45 AM

Question:

When creating an inbound access list on a serial port connected to the Internet that is performing NAT (Serial is the NAT Outside interface), which IP address should be specified in permit statements, the internal Inside local (i.e 10.1.1.x) or the Inside global or public address of the translation?

For example:

access-list 105 permit tcp any eq 80 10.1.1.0 0.0.0.255

or

access-list 105 permit tcp any eq 80 xxx.xxx.xxx.0 0.0.0.255

(where xxx.xxx.xxx is the range of public ip addresses?)

Any help would be appreciated!!

Labels:
0 Helpful
1 Reply 1

bstillman
Level 1
Level 1

‎01-20-2003 08:21 PM

Your inbound access-list should refer to the public IP addresses.

0 Helpful
Customers Also Viewed These Support Documents