If no host replies to the router's ARP request, the packet is dropped.
Does anybody know if an ICMP host unreachable message may be sent from the
router?
-Ejay
-----Original Message-----
From: Stephen Hoover [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 4:30 PM
To:
Subject: Access-lists and NAT [7:9417]
List,
Two questions regarding ACLs and NAT.
1) Is there any way to apply an ACL to a static NAT entry?
2) My router (1604) has two active interfaces, E0 and S0. S0 has a public IP
that does not answer to any service (not part of the NAT scheme). E0 has the
private 172.16 network. I have 6 public IPs that I use in the NAT scheme. My
question is this: if I create an inbound ACL on the S0 interface to allow
all IP, does this present any security risk, given the fact that the interface
isn't mapped anywhere via NAT and is also NOT part of my internal IP scheme?
What I am trying to do is allow PPTP VPN to an NT server, which entails
NAT'ing TCP 1723 and passing GRE. GRE has to pass on an ACL, so the only way
I can think to do it is to create an inbound ACL allowing all IP, so that
returning NAT information from internally initiated conversations is not
interrupted. Am I way off base here?
Thanks!
Stephen Hoover
Dallas, Texas
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9429&t=9417
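For reference, here is an IOS configuration sketch of the setup Stephen describes (PPTP to an NT server behind a 1604, with an inbound ACL on S0). This is an added example, not either poster's configuration, and every address in it is an assumption: 203.0.113.1 stands for the S0 public address, 203.0.113.10 for one of the six public NAT addresses, and 172.16.1.10 for the NT PPTP server. Two points it is meant to show: GRE (IP protocol 47) has no port numbers, so the PPTP server needs a 1:1 static mapping rather than a port-level TCP 1723 entry alone; and an ACL applied inbound on the outside interface is evaluated before outside-to-inside translation, so its entries must name the public (inside global) address, not the 172.16 address.

```cisco
! Added example; addresses are assumptions, not the poster's real ones.
!
! 1:1 static NAT for the PPTP server. GRE carries no port, so a
! "static tcp ... 1723" entry alone would not translate the tunnel.
ip nat inside source static 172.16.1.10 203.0.113.10
!
! Inbound ACL for S0. Checked before NAT on the outside-to-inside path,
! so the destination is the public address of the server.
ip access-list extended S0-IN
 ! PPTP control channel (TCP 1723) and GRE data channel, server only
 permit tcp any host 203.0.113.10 eq 1723
 permit gre any host 203.0.113.10
 ! Return traffic for TCP sessions opened from inside (ACK/RST set);
 ! this replaces the blanket "permit ip any any" the poster considered
 permit tcp any any established
 ! Everything else, including anything aimed at S0's own 203.0.113.1,
 ! is dropped and logged
 deny   ip any any log
!
interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 ip access-group S0-IN in
```

The `established` keyword only matches TCP segments with ACK or RST set, so return traffic for internally initiated UDP or ICMP (DNS replies, ping) would still be blocked by this ACL; those need their own explicit permits, or, if the router runs a firewall feature set, a stateful `ip inspect` rule set on the interfaces instead of a static return-traffic entry. Verify the mappings and hit counts with `show ip nat translations` and `show access-lists S0-IN` after a test PPTP connection.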
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]