Static NAT vs Access-List

Hello,

I have a question: what is the best practice for static NAT and access-lists? Example:

Web server (192.168.1.1) inside to outside (10.10.10.10) with ports 80 and 443.

ip nat inside source static tcp 192.168.1.1 80 10.10.10.10 80

ip nat inside source static tcp 192.168.1.1 443 10.10.10.10 443

Or 

ip nat inside source static 192.168.1.1 10.10.10.10

Access-list 101 permit tcp any host 10.10.10.10 eq 80

Access-list 101 permit tcp any host 10.10.10.10 eq 443


interface ethernet0
ip access-group 101 in

Thanks

VIP Advisor

Always use 1:1 NAT if you can over individual PAT entries.  Use access-lists to control permissions rather than relying on NAT.

Hello Philip,

Thanks for the reply. Is there a security reason why you would do it like this?

I'm just curious.

VIP Advisor

Operational reasons - it breaks fewer things.

Thanks a lot !
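
To compare the two options in the thread by what they actually expose, here is an added example (not code from any poster or from Cisco) that parses an IOS-style config and reports, per NAT global address, which TCP ports are reachable from outside. It models only `permit tcp|ip any <any|host X> [eq N]` lines, ignores deny entries and ACL ordering, and the function names, the second host and the `ip nat outside` line in the sample are assumptions.

```python
import re

ACL_RE = re.compile(r"access-list (\S+) permit (tcp|ip) any (any|host (\S+))(?: eq (\d+))?$")
# Constructed sample: the thread's 1:1 NAT and ACL 101. The second host, its broad
# permit and the "ip nat outside" line are assumptions added for illustration.
SAMPLE = """\
ip nat inside source static 192.168.1.1 10.10.10.10
ip nat inside source static 192.168.1.2 10.10.10.11
access-list 101 permit tcp any host 10.10.10.10 eq 80
access-list 101 permit tcp any host 10.10.10.10 eq 443
access-list 101 permit ip any host 10.10.10.11
interface ethernet0
 ip nat outside
 ip access-group 101 in
"""

def _acl_ports(entries, gip):
    """TCP ports an ACL permits towards gip: 'all' or a set of ints."""
    ports = {p for d, p in entries if d in (None, gip)}
    return "all" if None in ports else ports

def audit(config):
    """Return {global_ip: 'all' or sorted list of TCP ports reachable from outside}."""
    nat, acls, ifaces = {}, {}, []
    for line in config.splitlines():
        t = line.lower().split()
        if t[:5] == ["ip", "nat", "inside", "source", "static"]:
            if len(t) == 7:                    # 1:1 form: <local> <global>
                nat[t[6]] = "all"
            elif len(t) == 10 and t[5] == "tcp" and nat.get(t[8]) != "all":
                nat.setdefault(t[8], set()).add(int(t[9]))   # per-port form
        elif m := ACL_RE.match(" ".join(t)):
            port = int(m[5]) if m[5] else None   # no "eq": every port
            acls.setdefault(m[1], []).append((m[4], port))
        elif t[:1] == ["interface"]:
            ifaces.append({"outside": False, "acl": None})
        elif ifaces and t == ["ip", "nat", "outside"]:
            ifaces[-1]["outside"] = True
        elif ifaces and t[:2] == ["ip", "access-group"] and t[-1] == "in":
            ifaces[-1]["acl"] = t[2]
    report = {}
    for gip, fwd in nat.items():
        allowed = set()
        for i in (i for i in ifaces if i["outside"]):
            # No inbound ACL, or one that is not defined, filters nothing.
            got = _acl_ports(acls[i["acl"]], gip) if i["acl"] in acls else "all"
            allowed = "all" if "all" in (got, allowed) else allowed | got
        reach = allowed if fwd == "all" else fwd if allowed == "all" else fwd & allowed
        report[gip] = "all" if reach == "all" else sorted(reach)
    return report
```

Any address reported as `all` is a 1:1 translation with no effective inbound filter, which is the case the ACL in the second option exists to prevent.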