Need to understand the nat with access-list

Similar Messages

• Static NAT using access-lists?

  Hi,
  i have an ASA5520 and im having an issue with static nat configuration.
  I have an inside host, say 1.1.1.1, that i want to be accessible from the outside as address 2.2.2.2.
  This is working fine. The issue is that i have other clients who i would like to access the host using its real physical address of 1.1.1.1.
  I have got this working using nat0 as an exemption, but as there will be more clients accessing the physical address than the nat address i would like to flip this logic if possible.
  Can i create a nat rule that only matches an access list i.e. 'for clients from network x.x.x.x, use the nat from 2.2.2.2 -> 1.1.1.1' and for everyone else, dont nat?
  My Pix cli skills arent the best, but the ASDM suggests that this is possible - on the nat rules page there is a section for the untranslated source to ANY, and if i could change ANY i would but dont see how to...
  Thanks,
  Des

  Des,
  You need to create an access-list to be used with the nat 0 statement.
  access-list inside_nonat extended permit ip 1.1.1.1 255.255.255.255 2.2.2.2 255.255.255.255
  - this tells the pix/asa to NOT perform NAT for traffic going from 1.1.1.1 to 2.2.2.2
  then use NAT 0 statement:
  nat (inside) 0 access-list inside_nonat
  to permit outside users to see inside addresses without NAT, flip this logic.
  access-list outside_nonat extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
  nat (outside) 0 access-list outside_nonat
  you'll also have to permit this traffic through the ACL of the outside interface.
  access-list inbound_acl extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
  - Brandon

• Where is the Enable RESTful Access List?

  Hello,
  I am trying to expose a report in my application as a RESTful web service. I am following this guide here: http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/advnc_web_services.htm#CHDDBGAI
  The instructions are:
  On the Workspace home page, click Application Builder.
  Select an application.
  Application Builder appears.
  Select the page that contains the report you want to enable.
  The Page Definition appears.
  Under Regions, click the name of the region that contains the report you want to enable.
  Under Attributes, enter a value for Static ID field. This value is used to access the report RESTfully.
  From the Enable RESTful Access List, select Yes.
  Click Apply Changes.
  I am not sure where I can get this "Enable RESTful Access List", it is not in my region attributes or in my page attributes. Could someone kindly point out where I can get it?
  I am using APEX 4.2
  Cheers.

  Hi William,
  That's great you're up and running now. So now you've managed to expose your Report region as a RESTful Service. I think you might find it useful to read through the section Understanding Web Service References in the same chapter - http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/advnc_web_services.htm#BABDCIBH - as it explains the various references that can be created. In your case, your Web Service reference is based on the RESTful style, and not on a Web Services Description Language (WSDL) document. If you read through the section Accessing a RESTful Enabled Report Region from a Web Service Client - http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/advnc_web_services.htm#CHDEHFJI - the apex_rest service API can be used to discover available RESTful enabled reports for a given application. Its response is an XML document with a description of all reports that can be accessed by RESTful Web services.
  I hope this helps.
  Regards,
  Hilary

• BGP with access lists

  Hello,
  Can someone explain to me why we use access lists in a mpls cloud that uses IBGP. I thought for the most part  access lists were used on firewalls not routers running BGP. Do we even need access lists with bgp can't bgp work without access lists. What are the reasons for having access lists on a router for IBGP on a mpls cloud?
  Thanks,

  The only way to get access to your network is if the ISP misconfigures so that another company gets access to your IP networks by mistake or that someone gets access to a PC on the inside and can reach the networks from there. It could happen if someone accidentally downloads an e-mail attachment or something like that.
  It all depends on how critical the traffic is. If it's a bank there could be regulations in place that demands that all traffic is encrypted even if it is supposed to be private. If you compare it to a leased line, it's also secure as long as someone doesn't get access to it. So MPLS is like a virtual leased line in comparison.
  Daniel Dib
  CCIE #37149
  Please rate helpful posts.

• How to provide the user with a list of files to pick from...for downloading

  hai..
  I have uploaded the file succesfully.. now we need to download the file...... which has been uploaded..... for that we have implemnted the Query as..
  select max(id) from APEX_APPLICATION_FILES ,here the latest uploaded record will be retrieved and shown.
  Now We want to provide the user with a list of files to pick from for downloading..,Dat is he should be shown the list of files which is available from dat he has to select one file to downlaod ???
  can u plz tell me how to do it....
  anoo

  Hi Anoo,
  Create a report using the following SQL statement:
  SELECT ID,
  FILENAME,
  CREATED_ON
  FROM APEX_APPLICATION_FILES
  ORDER BY CREATED_ON DESCThere are other fields available from the table, but the above gives you a start.
  Then edit the report's Report Attributes.
  Edit the CREATED_ON column and pick a Number/Date Format to use for the display and Apply Changes
  Edit the ID column. In the Column Link section, enter:
  Link Text: <img src="#IMAGE_PREFIX#download.gif" alt="Download">
  Target: URL
  URL: p?n=#ID#
  Apply Changes and run your report
  Andy

• My apple id for icloud is linked to an invalid email address and i do not have the password for the account.  I need to delete the account to access my icloud on my iphone.  any ideas?

  my apple id for icloud is linked to an invalid email address and i do not have the password for the account.  I need to delete the account to access my icloud on my iphone.  any ideas on how to override this issue?

  If you updated the old ID at one point to create your current iCloud ID, temporarily recreate the old ID by going to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iDevice, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

• Need to Understand the Packet Flow

  Dear Friend,
  I need to understand the packet flow of the below diagram.
  I have configured MPLS on R2,R3 and R4. And IBGP is configured on R2 and R4. Now I am able to reach from R1 to R5's Loopback address. I need to understand the packect flow from R1 to R5 like If I ping from R1's Loopback  to R5's Loopback address then Source IP is 1.1.1.1 and destination IP is 5.5.5.5. What will be the packet structure at R2, R3,R4...??????????
  Please explain in details......Me really confused as R4 has not route about 5.5.5.5 also 1.1.1.1...How it forwards the packets??????

  Sanjib
  So R2 and R4 are PE devices and R3 is a P device ? And you are not doing MPLS VPNs, just normal MPLS ?
  If so R4 must have a route to 5.5.5.5. Did you mean R3 does not have a route ?
  With MPLS any P device only knows how to get to other P devices and PE devices. It does not know about any networks outside the MPLS network. The PE devices have routes to any external networks connected to them and know how to get to P and other PE devices.
  Note that in terms of PE/P reachability the routing/LDP information has already been exchanged and an MPLS forwarding table built. So for reachability between PE/P routers (ie. not outside the MPLS network) route lookup do not need to be performed, it is simply a matter of removing and adding labels.
  So assuming you are not using MPLS VPNs and that MPLS labels have been exchanged between all P and PE routers -
  R1 pings 5.5.5.5
  1) R1 does a route lookup for 5.5.5.5 and sends it to R2.
  2) R2 is a PE device. It does a route lookup for 5.5.5.5 and sees R4 as the next hop (this route has been exchanged via MP-BGP).
  3) R2 then need to send the packet to R4. To do this it looks in it's MPLS forwarding table to see how to get to R4. The MPLS forwarding table tells it which label to attach to the packet. It adds this label and sends the packet out of it's interface to R3.
  3) R3 is a P device. It does not need to do a route lookup for 5.5.5.5. It simply looks at the incoming MPLS label and consults it's MPLS forwarding table. It will have an entry in it's table saying that an incoming packet with an MPLS label of x should be sent out with an MPLS label of y. It changes the label and sends it out to R4.
  4) R4 receives the packet, removes the label, does an IP lookup for 5.5.5.5 and sends it to R5.
  Note that actually R3 might not add a label as there is something called Penultimate Hop Popping where if the net hop from the P router is a PE router it sends the packet without a label to save extra processing on the PE router. If you had multiple P routers only the last P router before the PE router would do PHP.
  The key thing to understand is that the P devices don't do route lookups when forwarding data. They simply switch labels. Whereas the PE devices do need to do route lookups for destinations outside the MPLS network. 
  Jon

• Hello i try to use another SIM card with my iphone 4s now it said i need to unlock the phone with my Sim carrier

  Hello i try to use another SIM card with my iphone 4s now it said i need to unlock the phone with my Sim carrier ... here is what it says below
  The SIM card inserted in this iPhone does not appear to be supported.
  The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information.

  So..  You need to contact the carrier for the iPhone's original sim card, and request they unlock it.  The carrier is the only one that can unlock the sim of the iPhone.

• When I open my "fotos" (Photo) standard app in Iphone4 the the bar "Album is above the row with access to my photos taken - how do I solve this?

  When I open my "fotos" (Photo) standard app in Iphone4 the the bar "Album is above the row with access to my photos taken - how do I solve this?

  Not that I have a solution... I'm just sympathizing as I have the same issue... can't select the frist album because the title bar... and strangely it's only happening in iphone4 not in 3GS... currently I am syncing my photo from Aperture... to reoslve this I just created dummy event with one meaningless photo inside. I think it's a big bug!!!

• [svn:fx-trunk] 8531: If using an embedded font, need to measure the text with it so that if auto-sizing, the correct amount of space is allocated.

  Revision: 8531
  Author:   [email protected]
  Date:     2009-07-13 12:25:57 -0700 (Mon, 13 Jul 2009)
  Log Message:
  If using an embedded font, need to measure the text with it so that if auto-sizing, the correct amount of space is allocated.
  QA Notes:
  Doc Notes: SDK-22205.
  Reviewers: will be Gordon
  Ticket Links:
      http://bugs.adobe.com/jira/browse/SDK-22205
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/spark/src/spark/primitives/RichEditableText.as

  Revision: 8531
  Author:   [email protected]
  Date:     2009-07-13 12:25:57 -0700 (Mon, 13 Jul 2009)
  Log Message:
  If using an embedded font, need to measure the text with it so that if auto-sizing, the correct amount of space is allocated.
  QA Notes:
  Doc Notes: SDK-22205.
  Reviewers: will be Gordon
  Ticket Links:
      http://bugs.adobe.com/jira/browse/SDK-22205
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/spark/src/spark/primitives/RichEditableText.as

• ITunes needs to fix the problem with there gift cards not being activated this is not up to the retailer and they will not return scratched coded cards! There is thousands of people having this problem please fix it

  iTunes needs to fix the problem with there iTunes cards not activating properly! This is not the retailers fault and they will not return iTunes cards that have had the code area scratched there for apple needs to credit and or activated the cards there is thousands of people having this problem please bite the bullet and fix it already I will not be using iTunes until this is corrected...

  If you haven't received the item then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
  If the 'report a problem' link doesn't work then you can try contacting iTunes support via this page : http://www.apple.com/support/itunes/contact/- click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

• Dear frnz, i am doing my prjct in Lview. ie online PQ monitoring​. i need to simulate the system with disturbanc​es generated in Lview. so can any bdy plz tel me how to genrte PQ problems in labview. thanks in advance..

  dear frnz, i am doing my prjct in Lview. ie online PQ monitoring. i need to simulate the system with disturbances generated in Lview. so can any bdy plz tel me how to genrte PQ problems in labview. thanks in advance..

  I work in the power conversion industry and do these types of measurements all the time…
  Do you want to just measure power quality or create and measure power quality problems?
  What hardware are you using?
  Power quality analyzer?
  Programmable AC power source?
  Fast Transient Generator?
  Here is an example of what I do.
  To create PQ problems I use a California Instruments AC source set to nominal power for the unit under test. Using Labview I program several transients consisting of fixed and random duration dropouts and surges. I also use a Schaffer Fast Transient Burst Generator to apply high frequency noise bursts directly onto power lines.
  For measuring power quality I use a Voltech PM3000A power analyzer and Labview to measure everything from voltage, current, and frequency, to  harmonics and %THD
  Message Edited by RTSLVU on 07-23-2008 10:31 AM

• As this is an adobe DRM protected book you will need to import the book with adobe digital editions to open this book. I USED ADOBE DIGITAL EDITIONS TO UP LOAD THE BOOK TO MY TABLET. HELLP

  as this is an adobe DRM protected book you will need to import the book with adobe digital editions to open this book. I USED ADOBE DIGITAL EDITIONS TO UP LOAD THE BOOK TO MY TABLET. HELLP

  To attempt a new chat session...
  For the link below click the Still Need Help? option in the blue area at the bottom and choose the chat option...
  http://helpx.adobe.com/x-productkb/global/service1.html

• Avpair on the end of access-list

  Hello,
  It is possible, on router web authentication (or proxy authentication), to add the avpairs received from a radius server (the aaa), on the end of the access-list, instead of on the beggining?
  Tanks.
  Pisco
  Universidade do Algarve
  Portugal

  Thanks to Frank and Kevin
  Kevin
  Let me see if i got it.
  When i create the 2 LOV through a query, you said i should use a bind variable in the where clause of that query and the value of that variable would be the value selected of the first LOV, right? Then, How and where can i set an automatic refresh to yes?
  In order to do query, i still need to have the information needed (country, states, cities) stored on a table? if not, what other way i can get the information and populate the lists?
  Frank,
  i guess i should detect a list change with the trigger when-list-changed. Am i right?
  I still have to stored all the information eithr on a database or on a record group, am i right?
  Which would be a better way to do it?
  Thanks

• IS there a way to fix the issue with text list boxes where they shift (empty space is smaller than the text size) when two text lsit boxes are side by side?

  Currently I have a webpage I designed for a company where I have multiple text list boxes side by side for the purpose of displaying data in each one based on a category in the database. So a text list box for the primary key, name, serial number, etc. I have to use Firefox as it typically works best for printing and functionality for the page. The single issue we are having is that in Firefox if the field is null as far as text the text are shrinks meaning all the data in that list box shifts up and is no longer in line with its congruent data in the other text list boxes. In other browsers that's not a problem and everything stays lined up regardless of whether there's text in the box or not.
  Unfortunately I cannot provide a link but if contacted I will provide screen shots.

  Try posting at the Web Development / Standards Evangelism forum at MozillaZine. The helpers over there are more knowledgeable about web page development issues with Firefox. <br />
  http://forums.mozillazine.org/viewforum.php?f=25 <br />
  You'll need to register and login to be able to post in that forum.