NAT and access lists and IP INSPECT

Discussion in 'Cisco' started by JF Mezei, Jan 22, 2010.

  1. JF Mezei

    JF Mezei Guest

    (this is on an 871W router)

    ip nat inside source static 10.0.0.11 interface Dialer1

    is a "catch all" NAT directive that will direct any incoming packets
    that have not been handled by a previous nat directive to host 10.0.0.11
    on the lan.



    However, if I do not have such a directive, is it strictly correct that
    for inbound calls, only packets to ports for which there is a NAT
    directive would be allowed beyond the router?


    In other words, if I do not have IP NAT mappings for the Microsoft
    Virus ports (445, 139 etc), do I still need an access list to block those?


    In terms of the IP INSPECT command, if it detects a local host telling a
    remote host "call me on port 6837 for the FTP transfer", the doc says
    that it will set up an ACL entry to open this port.

    However, will IP INSPECT also set up an IP NAT entry to direct those
    packets to the right host on the LAN?

    Or do I need a catch-all IP NAT command to direct all other ports to the
    host that has the FTP server?
    JF Mezei, Jan 22, 2010