| [CCNA] NAT and Routing How natting works along with routes and access-list??
If Nat is applied to interface and at the same time access-list too then which statement will execute first??? |
|
 tubbynetreminds me of the danse russePremium,MVM
join:2008-01-16
Chandler, AZ | »www.cisco.com/en/US/tech/tk648/t···dd.shtml
q. |
|
| q Thanks for the document. It helps. If I applied extended access-list on both the inside and out side interfaces. How it will work along with nat. Which ip I have to use for access-list. Which statement on an interface will execute first? NAT statement OR access-list ??
Paddy |
|
|
|
cramer
join:2007-04-10
Raleigh, NC
kudos:5 | Did you read the document? It's pretty clear what happens when... input acl, nat, then output acl. what address to use depends on which side of the translation you're on (and if the address is being translated.) |
|
| Dear cramer,
According to document, When nat statement is inside on the interface Nat router will check the routing first then it will nat the ip. For outside nat statement, nat router will nat an IP first then will check the routing.
Is it true or am i missing something?
Paddy |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:5 Reviews:
 ·AT&T Southeast
| Inside-to-outside ("outbound") has to be routed to an "outside" interface before it knows how to NAT it. Outside-to-inside ("inbound"), it's already arrived at an "outside" interface, so it "undoes" the NAT and passes it along for routing to an inside interface. One could think of it as nat always occurs at an outside interface. |
|
| reply to Paddy
Paddy, yes, information in the NAT Order of Operations doc is true. |
|
