Cisco Support Community

PIX 7.X POLICY NAT

Reading the documentation, I noticed that to create an access-list for policy NAT (dynamic or static) I MUST use the eq operator when defining TCP or UDP ports.

I created an ACL for dynamic NAT and dynamic PAT with the gt and range operators, and it works correctly.

(sh nat)

    dynamic translation to pool 1 (192.168.251.200)
    translate_hits = 0, untranslate_hits = 0
    match tcp inside 172.19.90.0 255.255.255.0 range 1024 65535 dmzt1 host 192.168.251.11 eq 80

My question is: is it correct to specify source and destination ports with any operator on an ACL defined for policy NAT? In the official docs only the eq operator is specified. I think the ACL only indicates traffic selection, and it is correct to specify other operators; what do you think?
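The configuration that would produce the `sh nat` output quoted in the post, as an added example reconstructed from that output (it is not configuration the poster shared). The addresses, interface names (inside, dmzt1), the `range 1024 65535` / `eq 80` operators and pool id 1 are taken from the output; the ACL name POLICY_NAT, the test source address 172.19.90.10 and the `packet-tracer` checks are assumptions added here. PIX/ASA 7.x syntax; lines beginning with `!` are comments.

```text
! Policy NAT ACL (name POLICY_NAT is assumed). The ACL only selects traffic:
! TCP from 172.19.90.0/24 with source port 1024-65535 to 192.168.251.11:80.
! Packets that do not match any permit ACE are not translated by this rule.
access-list POLICY_NAT extended permit tcp 172.19.90.0 255.255.255.0 range 1024 65535 host 192.168.251.11 eq 80

! Dynamic policy NAT: the ACL chooses the packets, nat-id 1 links them to the pool.
nat (inside) 1 access-list POLICY_NAT

! Pool 1 on the dmzt1 interface, the single mapped address shown in the output.
global (dmzt1) 1 192.168.251.200

! Checks (packet-tracer is available from 7.0 onward). The NAT phase of the
! output shows which nat statement, if any, the flow matched.
! Source port inside the range: expected to hit the policy NAT rule above.
packet-tracer input inside tcp 172.19.90.10 2000 192.168.251.11 80
! Source port outside the range: expected NOT to match POLICY_NAT.
packet-tracer input inside tcp 172.19.90.10 500 192.168.251.11 80
! Confirm hit counters move after real traffic: translate_hits should increase.
show nat
```

Running the two `packet-tracer` commands side by side is the quickest way to confirm that the range operator is really honoured by the NAT lookup rather than silently ignored: only the first should report a match against pool 1, and `translate_hits` in `show nat` should increase only for flows whose source port falls inside 1024-65535.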

1 REPLY

Re: PIX 7.X POLICY NAT

Hi

It depends on the traffic you want to get NATed. If you want to NAT the traffic going from a specific port to a fixed destination port and IP, then you need to specify the operators and eq in the ACL.

If you want to NAT a specific subnet to a destination network on a specific port, then you don't need operators and can use only eq.

So, up to you.

regards

aashish C
