PIX 7.X POLICY NAT

Unanswered Question
Mar 28th, 2006

Reading the documentation, I noticed that to create an access-list for policy NAT (dynamic or static) I MUST use the eq operator when defining TCP or UDP ports.

I created an ACL for dynamic NAT and dynamic PAT with the gt and range operators, and it works correctly.


(sh nat)

dynamic translation to pool 1 (192.168.251.200)

translate_hits = 0, untranslate_hits = 0

match tcp inside 172.19.90.0 255.255.255.0 range 1024 65535 dmzt1 host 192.168.251.11 eq 80


My question is: is it correct to specify source and destination ports with all operators in an ACL defined for policy NAT? In the official docs only the eq operator is specified. I think the ACL only indicates traffic selection, and it's correct to specify other operators. What do you think?

aashish.c Tue, 03/28/2006 - 23:42

Hi


It depends on the traffic you want to get NATed. If you want to NAT the traffic going from a specific port to a fixed destination port and IP, then you need to specify the operators and eq in the ACL.


If you want to NAT the specific subnet to a destination network on a specific port, then you don't need operators and can use only eq.


So, it's up to you.


regards

aashish C
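
Added example, not part of the original thread and not Cisco code: a small Python parser for the "match" line quoted in the question, useful for checking which flows a policy NAT entry would select when its ACL uses range or gt instead of eq. The line grammar is an assumption inferred from that one quoted line plus the standard ACL port operators (eq, neq, gt, lt, range), with numeric ports only; the function names are hypothetical.

```python
import ipaddress

# Constructed from the "match" line quoted in the question.
MATCH_LINE = ("match tcp inside 172.19.90.0 255.255.255.0 range 1024 65535 "
              "dmzt1 host 192.168.251.11 eq 80")

# operator -> (number of port arguments, predicate)
PORT_OPS = {
    "eq": (1, lambda p, a: p == a[0]),
    "neq": (1, lambda p, a: p != a[0]),
    "gt": (1, lambda p, a: p > a[0]),
    "lt": (1, lambda p, a: p < a[0]),
    "range": (2, lambda p, a: a[0] <= p <= a[1]),
}

def _take_endpoint(tok):
    """Consume an address spec and an optional port operator from the tokens."""
    head = tok.pop(0)
    if head == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif head == "host":
        net = ipaddress.ip_network(tok.pop(0) + "/32")
    else:  # "<network> <netmask>"
        net = ipaddress.ip_network(f"{head}/{tok.pop(0)}", strict=False)
    port_ok = lambda p: True  # no operator present: any port matches
    if tok and tok[0] in PORT_OPS:
        nargs, fn = PORT_OPS[tok.pop(0)]
        args = [int(tok.pop(0)) for _ in range(nargs)]
        port_ok = lambda p, fn=fn, args=args: fn(p, args)
    return net, port_ok

def parse_match(line):
    """Parse: match <proto> <real_if> <src> [op] <mapped_if> <dst> [op]."""
    tok = line.split()
    if tok.pop(0) != "match":
        raise ValueError("not a match line")
    rule = {"proto": tok.pop(0), "real_if": tok.pop(0)}
    rule["src"] = _take_endpoint(tok)
    rule["mapped_if"] = tok.pop(0)
    rule["dst"] = _take_endpoint(tok)
    if tok:
        raise ValueError(f"unparsed tokens: {tok}")
    return rule

def selects(rule, proto, src_ip, src_port, dst_ip, dst_port):
    """True if the flow is selected for translation by this entry."""
    (snet, sport_ok), (dnet, dport_ok) = rule["src"], rule["dst"]
    return (proto == rule["proto"]
            and ipaddress.ip_address(src_ip) in snet and sport_ok(src_port)
            and ipaddress.ip_address(dst_ip) in dnet and dport_ok(dst_port))
```
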

