Cisco Security Appliance Command Line Configuration Guide (OL-10088-01)
Chapter 17: Applying NAT
NAT Overview

Figure 17-5: Remote Host Attempts to Connect to the Real Address
[Figure labels: Web Server www.example.com; Outside; 209.165.201.2; Security Appliance; 10.1.2.1; Inside; 10.1.2.27; Translation: 10.1.2.27, 209.165.201.10; remote host connects to 10.1.2.27]

Figure 17-6 shows a remote host attempting to initiate a connection to a mapped address. This address is not currently in the translation table, so the security appliance drops the packet.

Figure 17-6: Remote Host Attempts to Initiate a Connection to a Mapped Address
[Figure labels: Web Server www.example.com; Outside; 209.165.201.2; Security Appliance; 10.1.2.1; Inside; 10.1.2.27; remote host connects to 209.165.201.10]

Note: For the duration of the translation, a remote host can initiate a connection to the translated host if an access list allows it. Because the address is unpredictable, a connection to the host is unlikely. However in this case, you can rely on the security of the access list.
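
The inbound decision described in the Figure 17-6 paragraph and in the Note, as a simplified Python model added here for illustration (not Cisco code and not the appliance's implementation). The remote host address 198.51.100.7, port 80, the permit entry and the idle timeout are constructed values, and the class and method names are hypothetical.

```python
import ipaddress


class DynamicNatModel:
    """Simplified model of inbound handling with dynamic NAT (illustration only)."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout  # seconds; constructed value, not from the guide
        self.xlate = {}                   # mapped address -> (real address, last-used time)
        self.acl = []                     # permits: (source network, mapped dst, dst port)

    def permit(self, src_net, mapped_dst, dport):
        self.acl.append((ipaddress.ip_network(src_net), mapped_dst, dport))

    def outbound(self, real, mapped, now):
        """An inside host opens a connection: create or refresh its translation."""
        self.xlate[mapped] = (real, now)

    def inbound(self, src, dst, dport, now):
        """Decide the fate of a new connection arriving from the outside."""
        entry = self.xlate.get(dst)
        if entry and now - entry[1] > self.idle_timeout:
            del self.xlate[dst]           # translation has timed out
            entry = None
        if entry is None:
            return "drop: no translation"  # Figure 17-6, and any real-address destination
        src_ip = ipaddress.ip_address(src)
        for net, acl_dst, acl_port in self.acl:
            if src_ip in net and acl_dst == dst and acl_port == dport:
                return "forward to " + entry[0]
        return "drop: access list"         # translation exists, the access list decides


def demo():
    fw = DynamicNatModel(idle_timeout=3600)
    remote = "198.51.100.7"                # constructed remote host address
    mapped, real = "209.165.201.10", "10.1.2.27"   # addresses from the figures
    results = [fw.inbound(remote, mapped, 80, now=0)]    # no translation yet
    fw.outbound(real, mapped, now=10)                    # inside host goes out
    results.append(fw.inbound(remote, real, 80, now=20))    # aimed at the real address
    results.append(fw.inbound(remote, mapped, 80, now=20))  # translated, not permitted
    fw.permit("198.51.100.0/24", mapped, 80)             # constructed permit entry
    results.append(fw.inbound(remote, mapped, 80, now=30))  # translated and permitted
    results.append(fw.inbound(remote, mapped, 80, now=4000))  # after the idle timeout
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third and fourth results are the Note's point: once a translation exists, the access list is the only control between the remote host and the inside host.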