PIX 7.X POLICY NAT

gcocchi
Level 1

Reading the documentation, I noticed that to create an access-list for policy NAT (dynamic or static) I MUST use the eq operator in defining TCP or UDP ports.

I created an ACL for dynamic NAT and dynamic PAT with the gt and range operators, and it works correctly.

(sh nat)
dynamic translation to pool 1 (192.168.251.200)
translate_hits = 0, untranslate_hits = 0
match tcp inside 172.19.90.0 255.255.255.0 range 1024 65535 dmzt1 host 192.168.251.11 eq 80

My question is: is it correct to specify source and destination ports with any operator in an ACL defined for policy NAT? In the official docs only the eq operator is specified. I think the ACL only indicates traffic selection, and that it is correct to specify other operators. What do you think?

1 Reply

aashish.c
Level 4

Hi

It depends on the traffic you want to get NATed. If you want to NAT the traffic going from a specific port to a fixed destination port and IP, then you need to specify the operators and eq in the ACL.

If you want to NAT a specific subnet to a destination network on a specific port, then you don't need operators and can use only eq.

So, up to you.

Regards,

aashish C
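As an added example (not part of either post above), here is a PIX 7.x configuration that would produce the `sh nat` output quoted in the question. The interface names (inside, dmzt1), the pool ID 1 with 192.168.251.200, the source network and the destination host are taken from that output; the ACL names, the static policy NAT addresses and the interface ACL are assumptions. The point worth keeping in mind is that the ACL referenced by nat/static only selects which flows are translated; it does not permit anything, so traffic control still comes from the interface ACL applied with access-group.

```cisco
! Added example reconstructed from the "sh nat" output in the question.
! ACL names, the static policy NAT addresses and the interface ACL are assumptions.

! --- Dynamic policy NAT ---
! Traffic selector: only permit ACEs are consulted by NAT. The source port
! uses the range operator (as in the poster's working config), the
! destination port uses eq 80.
access-list POLICY_NAT_WEB extended permit tcp 172.19.90.0 255.255.255.0 range 1024 65535 host 192.168.251.11 eq 80

! Pool 1 on dmzt1 and the nat statement that references the ACL.
! The ID (1) ties nat and global together.
global (dmzt1) 1 192.168.251.200
nat (inside) 1 access-list POLICY_NAT_WEB

! --- Static policy NAT (assumed addresses) ---
! One inside host gets a fixed translated address on dmzt1, but only
! when it talks to 192.168.251.11.
access-list POLICY_STATIC extended permit ip host 172.19.90.10 host 192.168.251.11
static (inside,dmzt1) 192.168.251.201 access-list POLICY_STATIC

! --- Access control is separate from NAT ---
! Neither NAT ACL grants access. The interface ACL below (assumed name)
! is what actually decides which inside traffic may leave.
access-list INSIDE_IN extended permit tcp 172.19.90.0 255.255.255.0 host 192.168.251.11 eq 80
access-list INSIDE_IN extended permit ip host 172.19.90.10 host 192.168.251.11
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
```

After applying this, `show nat` should list the policy match line with `range 1024 65535` on the inside side and `eq 80` on the dmzt1 side, and `show xlate` will only show translations for flows that matched POLICY_NAT_WEB or POLICY_STATIC; anything else from inside is dropped by INSIDE_IN regardless of the NAT rules.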
