Using extended ACL with NAT

Unanswered Question
Apr 27th, 2010

I am trying to use NAT with an extended ACL to no avail. I tried the ACL using a name and a number. I even tried to use a route-map, but no luck. It only seems to work when using a standard ACL. I want to use an extended ACL because I am NATing to more than one destination.

ip access-list standard DE_NAT
 permit 10.210.2.0 0.0.0.255
 permit 10.210.21.0 0.0.0.255 log

ip access-list extended DE_50Mb
 permit ip 10.210.2.0 0.0.0.255 20.19.245.0 0.0.0.255
 permit ip 10.210.21.0 0.0.0.255 20.19.245.0 0.0.0.255

The standard ACL works but not the extended ACL.

I am baffled...

Federico Coto F... Tue, 04/27/2010 - 19:34

Hi,

Where is this ACL applied? To an interface, route-map, vty line, etc?

Is this an IOS device?

Federico.

Tshi M Tue, 04/27/2010 - 19:38

The ACL is not applied to any interface, as I am using it for NATing. It is used in the ip nat inside source ..... I am trying this on a Cisco 6509. I tried it with the route-map and without, to no avail.

Federico Coto F... Tue, 04/27/2010 - 19:43

So, you've tried the commands:

ip nat inside source list...
ip nat inside source route-map...  (route-map referencing the ACL)

When you say that it does not work with extended ACL, it means that the translation does not take place?

Do you get hit counts on the standard ACL or the extended ACL?

What IOS version are you running?

Federico.

Tshi M Tue, 04/27/2010 - 19:50

Yes, I tried both commands to no avail. The IOS version is 12.2(18)SXD4. I do get hit counts with the standard ACL. With the extended ACL, I only get hit counts when I do a traceroute, but a ping doesn't show any hit counts. I am going to open a TAC case.
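An added example, not part of this thread: a small Python checker that parses the two named ACLs quoted above and evaluates, with IOS wildcard semantics and the implicit deny at the end, whether a given source/destination pair would match. It is a quick way to confirm that the test traffic actually matches the extended ACL, which only permits destinations in 20.19.245.0/24, whereas the standard ACL matches any destination. Only the "ADDRESS WILDCARD" address form and the plain "ip" protocol used on the page are parsed.

```python
import ipaddress

# Constructed sample: the two named ACLs quoted in the thread above.
ACL_TEXT = """
ip access-list standard DE_NAT
 permit 10.210.2.0 0.0.0.255
 permit 10.210.21.0 0.0.0.255 log
ip access-list extended DE_50Mb
 permit ip 10.210.2.0 0.0.0.255 20.19.245.0 0.0.0.255
 permit ip 10.210.21.0 0.0.0.255 20.19.245.0 0.0.0.255
"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: every 0 bit in the wildcard must match exactly."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def parse_acls(text):
    """Return {name: (kind, [(action, src, src_wc, dst, dst_wc), ...])}."""
    acls, current = {}, None
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"]:
            current = tok[3]
            acls[current] = (tok[2], [])
            continue
        kind, entries = acls[current]
        if kind == "standard":  # source only; any destination matches
            entries.append((tok[0], tok[1], tok[2], "0.0.0.0", "255.255.255.255"))
        else:  # 'permit ip SRC WC DST WC'; host/any and port forms not handled
            if tok[1] != "ip":
                raise ValueError("protocol/port ACEs not supported: " + line)
            entries.append((tok[0], tok[2], tok[3], tok[4], tok[5]))
    return acls

def acl_permits(acls, name, src, dst):
    """Walk the ACEs top-down; no match means the implicit deny at the end."""
    kind, entries = acls[name]
    for action, s, swc, d, dwc in entries:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action == "permit"
    return False

ACLS = parse_acls(ACL_TEXT)
```

With these ACLs, a ping from 10.210.2.5 to an address outside 20.19.245.0/24 matches DE_NAT but not DE_50Mb, so no translation and no hit count is the expected result for that flow.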
