NAT Pools and Access-lists...

I have the following situation that I cannot make heads or tails of...

ip nat pool XYZ 10.1.0.50 10.16.0.200 netmask 255.255.240.0

ip nat inside source list 1 pool XYZ

access-list 1 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 1 permit ip 10.0.0.0 0.255.255.255 192.168.100.0 0.0.0.255

access-list 1 permit 192.168.161.0 0.255.255.255 192.168.100.0 0.0.0.255

access-list 1 permit 192.168.161.0 0.255.255.255 192.168.1.0 0.0.0.255

....

....

My problem is understanding what the second subnets in the access-list entries signify. I have only seen NAT access-lists with ONE subnet for each entry. Any help is appreciated. Thanks.

1 REPLY

Re: NAT Pools and Access-lists...

Not sure where you got this config from, but

access-list 1: implies that this is a basic IP access-list. These types can accept only source addresses, not source and destination as this config implies. That would require extended access lists.

i.e. the format should be:

access-list 1 permit 10.0.0.0 0.255.255.255

or something like this.

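An added example, not part of the thread and not a Cisco tool: a small Python check that applies the point made in the reply by classifying numbered `access-list` entries as standard or extended and flagging those whose form does not match their type. The function names, the protocol keyword subset and the sample lines are constructed for illustration; the number ranges are the usual IOS ones, which the thread does not state.

```python
import re

# Constructed sample: the first and last entries are malformed on purpose.
SAMPLE = """\
access-list 1 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 101 permit 10.0.0.0 0.255.255.255
"""

# Illustrative subset of protocol keywords, not the full IOS list.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ahp", "eigrp", "ospf"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ENTRY = re.compile(r"^access-list (\d+) (?:permit|deny) (.+)$")

def acl_kind(number):
    """Numbered IOS ACL ranges: standard 1-99/1300-1999, extended 100-199/2000-2699."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    return "other"

def count_address_specs(tokens):
    """Count address specs ('any', 'host A', 'A', 'A WILDCARD'); skip other tokens."""
    specs, i = 0, 0
    while i < len(tokens):
        is_ip = bool(IPV4.match(tokens[i]))
        pair = (is_ip or tokens[i] == "host") and i + 1 < len(tokens) and bool(IPV4.match(tokens[i + 1]))
        if pair or is_ip or tokens[i] == "any":
            specs += 1
        i += 2 if pair else 1  # non-address tokens (port operators, 'log') are skipped
    return specs

def lint(config):
    """Return (line_no, acl_number, message) for entries that do not fit their ACL type."""
    findings = []
    for line_no, line in enumerate(config.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2).split()
        has_proto = rest[0] in PROTOCOLS or rest[0].isdigit()
        specs = count_address_specs(rest[1:] if has_proto else rest)
        if acl_kind(number) == "standard" and (has_proto or specs > 1):
            findings.append((line_no, number, "standard ACL matches source only"))
        elif acl_kind(number) == "extended" and (not has_proto or specs < 2):
            findings.append((line_no, number, "extended ACL needs protocol, source, destination"))
    return findings
```

Calling `lint(SAMPLE)` reports the first and fourth sample lines; the same check flags the question's entries that carry two subnets under list number 1.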