Cisco Support Community

New Member

overloading

Hi all, if I am using PAT on my router, can I use an access list that permits all, rather than just a subnet?

3 REPLIES
Purple

Re: overloading

Hi,

Cisco strongly recommends that you do not use a 'permit any' ACL for matching source addresses when using NAT features. While it seems to work (based on my testing), I don't believe it is a good idea to go against Cisco recommendations since that config will not be supported.

Here's a quote from the Config Guide:

"If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any any command in the access list."

Hope that helps - pls rate posts that help.

Regards,

Paresh

New Member

Re: overloading

Hi, thx for the reply. So can you tell me what the any any means: is it source and dest, or source and mask? Also, what would be the other way of doing it? Would I just create an access list with all my different networks on?

Purple

Re: overloading

Howdy,

In the context of an extended ACL, the any any refers to the source and dest.

Yes, the other (preferred) way is to list them separately ....

Hope that helps - pls rate posts that help.

Regards,

Paresh
