04-27-2010 07:30 PM - edited 03-04-2019 08:18 AM
I am trying to use NAT with extended ACL to no avail. I tried the ACL using name and number. I even tried to use route-map but no luck. It only seems to work when using standard ACL. I want to use extended ACL because I am NATTING to more than one destination.
ip access-list standard DE_NAT
 permit 10.210.2.0 0.0.0.255
 permit 10.210.21.0 0.0.0.255 log
ip access-list extended DE_50Mb
 permit ip 10.210.2.0 0.0.0.255 20.19.245.0 0.0.0.255
 permit ip 10.210.21.0 0.0.0.255 20.19.245.0 0.0.0.255
The standard ACL works but not the extended ACL.
I am baffled...
04-27-2010 07:34 PM
Hi,
Where is this ACL applied? To an interface, route-map, vty line, etc?
Is this an IOS device?
Federico.
04-27-2010 07:38 PM
The ACL is not applied to any interfaces as I am using it for NATTING. It is used in the ip nat inside source ..... I am trying this on a Cisco 6509. I tried it on the route-map and without to no avail.
04-27-2010 07:43 PM
So, you've tried the commands:
ip nat inside source list...
ip nat inside source route-map... (route-map referencing the ACL)
When you say that it does not work with extended ACL, it means that the translation does not take place?
Do you get hitcounts on the standard ACL or the extended ACL?
What IOS version are you running?
Federico.
04-27-2010 07:50 PM
Yes, I tried both commands to no avail. The IOS ver is Version 12.2(18)SXD4. I do get hit counts with the standard ACL. With the extended ACL, I only get hit count when I do a trace route but a ping doesn't show any hit counts. I am going to open a TAC case.