Chapter 16
Configuring NAT
Figure 16-6
10.1.2.27
Figure 16-7
is not currently in the translation table, so the FWSM drops the packet.
Figure 16-7
Web Server
www.example.com
Outside
10.1.2.27
Note
For the duration of the translation, a remote host can initiate a connection to the translated host if an
access list allows it. Because the address is unpredictable, a connection to the host is unlikely. However
in this case, you can rely on the security of the access list.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Remote Host Attempts to Connect to the Real Address
Translation
209.165.201.10
shows a remote host attempting to initiate a connection to a mapped address. This address
Remote Host Attempts to Initiate a Connection to a Mapped Address
209.165.201.2
209.165.201.10
FWSM
10.1.2.1
Inside
Web Server
www.example.com
Outside
209.165.201.2
FWSM
10.1.2.1
Inside
10.1.2.27
NAT Overview
10.1.2.27
16-7