
overloading

carl_townshend
Spotlight

Hi all, if I am using PAT on my router, can I use an access list that permits all, rather than just a subnet?

3 Replies

pkhatri
Level 11

Hi,

Cisco strongly recommends that you do not use a 'permit any' ACL for matching source addresses when using NAT features. While it seems to work (based on my testing), I don't believe it is a good idea to go against Cisco recommendations since that config will not be supported.

Here's a quote from the Config Guide:

"If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any any command in the access list."

Hope that helps - pls rate posts that help.

Regards,

Paresh

Hi, thx for the reply. So can you tell me what the any any means: is it source and dest, or source and mask? Also, what would be the other way of doing it? Would I just create an access list with all my different networks on?

Howdy,

In the context of an extended ACL, the any any refers to the source and dest.

Yes, the other (preferred) way is to list them separately ....

Hope that helps - pls rate posts that help.

Regards,

Paresh
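
The approach recommended in the replies above, sketched as an added IOS configuration example that is not part of the original thread: the NAT ACL lists each inside network explicitly, so only those sources are translated. The ACL name, interface names and subnets are constructed placeholders.

```cisco
! Form the Config Guide quote says NAT does not support (shown for contrast only):
!   access-list 101 permit ip any any
!   ip nat inside source list 101 interface GigabitEthernet0/0 overload
!
! Preferred: list each inside network separately.
! Subnets below are constructed examples; replace with your own networks.
ip access-list standard NAT-INSIDE
 permit 10.1.10.0 0.0.0.255
 permit 10.1.20.0 0.0.0.255
 permit 10.1.30.0 0.0.0.255
!
! Interface names are assumptions for this example.
interface GigabitEthernet0/0
 description Outside (ISP-facing)
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside (LAN-facing)
 ip nat inside
!
! PAT (overload) for the listed networks only, using the outside interface address.
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Checks after applying:
!   show access-lists NAT-INSIDE    (per-entry match counters)
!   show ip nat translations        (active translations and their inside sources)
```

A source address that matches no entry falls through to the ACL's implicit deny and is not translated.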