
Using extended ACL with NAT

Tshi M
Level 5

I am trying to use NAT with extended ACL to no avail. I tried the ACL using name and number. I even tried to use route-map but no luck. It only seems to work when using standard ACL. I want to use extended ACL because I am NATTING to more than one destination.

ip access-list standard DE_NAT
permit 10.210.2.0 0.0.0.255
permit 10.210.21.0 0.0.0.255 log


ip access-list extended DE_50Mb
  permit ip 10.210.2.0 0.0.0.255 20.19.245.0 0.0.0.255
  permit ip 10.210.21.0 0.0.0.255 20.19.245.0 0.0.0.255

The standard ACL works but not the extended ACL.

I am baffled...


Hi,

Where is this ACL applied? To an interface, route-map, vty line, etc?

Is this an IOS device?

Federico.

The ACL is not applied to any interfaces as I am using it for NATTING. It is used in the ip nat inside source ..... I am trying this on a Cisco 6509. I tried it on the route-map and without to no avail.

So, you've tried the commands:

ip nat inside source list...
ip nat inside source route-map...  (route-map referencing the ACL)

When you say that it does not work with extended ACL, it means that the translation does not take place?

Do you get hitcounts on the standard ACL or the extended ACL?

What IOS version are you running?

Federico.

Yes, I tried both commands to no avail. The IOS ver is Version 12.2(18)SXD4. I do get hit counts with the standard ACL. With the extended ACL, I only get hit counts when I do a trace route but a ping doesn't show any hit counts. I am going to open a TAC case.
