Why Does NAT Work Even though there is an ACL To Block Incoming Traffic from the external interface?
foreverlearning
I configure ip nat out on the external interface.
I also configure an ACL to prevent traffic coming in that external interface.
Users can go to the internet, which means NAT is working.
Why?
A diagram to explain this will be much appreciated.
Comments
powerfool
You're blocking inbound traffic, not outbound traffic. If you want to block outbound traffic, then block outbound traffic.
foreverlearning
I understand what you mean.
But the traffic has to come in from outside to inside for NAT, right?
NAT takes precedence over ACL?
powerfool
It has nothing to do with NAT. You can have a firewall in place with ACLs and not use NAT if you have public IP addresses for everyone. NAT doesn't play into the scenario. The firewall understands traffic flows, because it is stateful. If you permit internal Computer A to reach Internet service B, you are allowing an outbound flow. That outbound flow does not get checked by inbound ACLs. The connection was established in an outbound way and would have been impacted by outbound ACLs.
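The stateful behaviour described in the comment above, as an added example that is not part of the original thread: a toy Python model of a firewall that tracks outbound sessions and applies port address translation. The class name, ACL sets, addresses and ports are all constructed for illustration, and the model assumes a device that keeps a session table; a plain packet-filter ACL with no session tracking has no state to match replies against.

```python
# Added illustration, not from the thread: a toy stateful firewall with PAT.
# All addresses and ports are constructed sample values (RFC 5737 ranges).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed outside-interface address


@dataclass
class StatefulNatFirewall:
    # (proto, dst_port) pairs; an empty inbound set means "deny all inbound"
    inbound_acl_permits: set = field(default_factory=set)
    outbound_acl_denies: set = field(default_factory=set)
    # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a flow; only the outbound ACL is consulted."""
        if (proto, dst_port) in self.outbound_acl_denies:
            return None  # blocked outbound: no translation, no session
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on the outside interface."""
        session = self.sessions.get((proto, dst_port, src_ip, src_port))
        if dst_ip == PUBLIC_IP and session:
            # Reply to an established outbound flow: matched by state,
            # so the inbound ACL is never evaluated for it.
            return ("forward", *session)
        if (proto, dst_port) in self.inbound_acl_permits:
            return ("permit-by-acl", dst_ip, dst_port)
        return ("drop", None, None)


def demo():
    fw = StatefulNatFirewall()  # inbound ACL denies everything
    out = fw.outbound("tcp", "192.168.1.10", 51515, "198.51.100.7", 443)
    reply = fw.inbound("tcp", "198.51.100.7", 443, out[1], out[2])
    # Different remote host aiming at the same public port: no session match
    stray = fw.inbound("tcp", "198.51.100.99", 443, PUBLIC_IP, out[2])
    blocked = StatefulNatFirewall(outbound_acl_denies={("tcp", 443)}).outbound(
        "tcp", "192.168.1.10", 51515, "198.51.100.7", 443)
    return out, reply, stray, blocked


if __name__ == "__main__":
    for result in demo():
        print(result)
```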
JDMurray
NAT and NACLs do two different things; both capabilities can exist in routers, Layer 3 switches, and firewalls.