GroupStudy.com - A virtual community of network engineers
Re: Difference between NAT and Reflexive ACls posted 11/25/2008


Thanks Shahnawaz and Farrukh,

I did not understand the question in the correct way. What I understood was
"outside users will be connecting to 10.4.4.100 using source address
204.12.1.100".
Time to remind myself of the most basic rule of the CCIE lab: "do not overthink" :)

Thanks guys,

Ajay


2008/11/25 Farrukh Haroon <farrukhharoon@xxxxxxxxx>

>  How can you achieve this with Reflexive ACLs?
>
> "Allow access to a server located at 10.4.4.100; outside users should be
> able to connect to this server using IP address 204.12.X.100"
> Regards
>
> Farrukh
> On Tue, Nov 25, 2008 at 1:43 PM, Ajay mehra <ajaymehra01@xxxxxxxxx> wrote:
>
>>  Hi,
>>
>> I got this doubt while doing lab 5 from IE WB. Is there any difference
>> between NAT and Reflexive acls with respect to below question? I was sure
>> that I do not need 'nat' at all in this case.
>>
>> Question says:
>>
>> After recent security issues related to servers located in VLAN 4 a new
>> corporate policy dictates that R4 be hardened according to the following
>> requirements:
>>
>> Treat R4's interface E0/0 as the outside interface and all other
>> interfaces as inside
>>
>> Disable CDP on the outside interface
>>
>> Drop packets that are source routed
>>
>> TCP or UDP sessions that were initiated from behind R4 should be permitted
>> inbound from the outside
>>
>> Allow access to a server located at 10.4.4.100; outside users should be
>> able to connect to this server using IP address 204.12.X.100
>>
>>
>>
>> All of my config was good and working except the solution guide enables
>> nat on inside and outside interfaces. I am not sure what specific requirement
>> calls for enabling NAT when I have reflexive acls enabled and which would
>> make sure that I do not accept any traffic from the outside except
>> permitted explicitly.
>>
>>
>>
>> Can you please clarify?
>>
>>
>>
>> Thanks,
>>
>> Ajay
>>
>>
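
The split between the two features in the quoted task, as an added IOS sketch (not the workbook's solution guide and not posted by anyone in this thread): the reflexive ACL only filters, and the static NAT entry is what lets outside users reach 10.4.4.100 as 204.12.X.100. Ethernet0/1 as the inside interface and the names OUTBOUND, INBOUND and SESSIONS are assumptions; the X is kept exactly as the task writes it.

```ios
! Added example. Assumed names: Ethernet0/1, OUTBOUND, INBOUND, SESSIONS.
! Drop source-routed packets.
no ip source-route
!
! Static NAT: this is the only line that makes the server answer on
! 204.12.X.100. No ACL, reflexive or not, rewrites an address.
ip nat inside source static 10.4.4.100 204.12.X.100
!
! Sessions leaving E0/0 create temporary entries in SESSIONS.
ip access-list extended OUTBOUND
 permit tcp any any reflect SESSIONS
 permit udp any any reflect SESSIONS
!
! Return traffic is matched by "evaluate". The inbound ACL is checked
! before the destination is translated, so the server permit has to
! name the outside address, not 10.4.4.100.
ip access-list extended INBOUND
 evaluate SESSIONS
 permit ip any host 204.12.X.100
!
interface Ethernet0/0
 no cdp enable
 ip nat outside
 ip access-group INBOUND in
 ip access-group OUTBOUND out
!
interface Ethernet0/1
 ip nat inside
```

Both ACLs end in an implicit deny, so anything else the lab needs across E0/0 (routing protocol traffic, ICMP) would have to be permitted explicitly.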