When an inside local node makes a connection through the router to, say, a website, and they are dynamically assigned a socket (inside global), can this be used as an opening for intrusion?
When I set up the pool, should I use an extended, reflexive, or other type of access list to limit inbound connections to only hosts that are in a conversation that started on the clean side of the router?
Right now I have: ip nat inside source list 10 pool whatever overload
I'm new to this and I bought a good book on access lists, but it's not too clear on what version of IOS is needed for what features.
