A company has two subnets. The web server, 192.168.1.100, is in the 192.168.1.0/24 subnet, and router A is the router connected to the Internet. The client, 172.16.1.100, is in the 172.16.1.0/24 subnet, and router B is connected to the Internet through router A. Router A is now being configured for NAT translation. The first line of the configuration commands is: access-list 101 deny 192.168.1.100 0.0.0.255 172.16.1.0 0.0.0.255. Why does this command use deny? My understanding is that with a deny, the client is unable to connect to the web server, and the client cannot get on the net.
CodePudding user response:
You have to look at how the list is applied on the interface, in or out, and which port it is attached to.
CodePudding user response:
This is to set up a DMZ. A DMZ is generally separated from the intranet. This policy only affects actively initiated connections; it does not affect passive responses.
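
An added example, not code from any poster in this thread: it shows which source/destination pairs the address fields of the quoted entry match under Cisco wildcard-mask rules, independent of where list 101 is applied. The function names and the sample packets are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Address fields copied from the entry quoted in the question.
ENTRY = {
    "action": "deny",
    "src": ("192.168.1.100", "0.0.0.255"),
    "dst": ("172.16.1.0", "0.0.0.255"),
}

def entry_matches(entry, src, dst):
    """An entry matches only when source AND destination both match."""
    return (wildcard_match(src, *entry["src"])
            and wildcard_match(dst, *entry["dst"]))

def effective_network(base, wildcard):
    """Return the range an address/wildcard pair really covers (contiguous masks only)."""
    netmask = ipaddress.IPv4Address(
        ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{base}/{netmask}", strict=False)

# Constructed sample packets: (source, destination).
SAMPLES = [
    ("192.168.1.100", "172.16.1.100"),  # web server -> client
    ("192.168.1.7",   "172.16.1.100"),  # another host in the server subnet
    ("172.16.1.100",  "192.168.1.100"), # client -> web server (reverse direction)
    ("192.168.1.100", "203.0.113.10"),  # web server -> outside address
]

def classify(samples=SAMPLES, entry=ENTRY):
    """Map each sample to True (entry matches) or False (falls through to later lines)."""
    return {pair: entry_matches(entry, *pair) for pair in samples}

if __name__ == "__main__":
    print("source covers:", effective_network(*ENTRY["src"]))
    print("destination covers:", effective_network(*ENTRY["dst"]))
    for (src, dst), hit in classify().items():
        print(f"{src:>15} -> {dst:<15} {'matches ' + ENTRY['action'] if hit else 'no match'}")
```

Because the wildcard 0.0.0.255 ignores the last octet, the source field 192.168.1.100 covers the whole 192.168.1.0/24 subnet, and the entry matches only traffic sourced there and destined to 172.16.1.0/24; what a match then causes depends on how the list is applied, as the first reply says.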