01-31-2006 04:56 AM - edited 03-03-2019 01:38 AM
Hi all, if I am using PAT on my router, can I use an access list that permits all, rather than just a subnet?
01-31-2006 05:00 AM
Hi,
Cisco strongly recommends that you do not use a 'permit any' ACL for matching source addresses when using NAT features. While it seems to work (based on my testing), I don't believe it is a good idea to go against Cisco recommendations since that config will not be supported.
Here's a quote from the Config Guide:
"If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any any command in the access list."
Hope that helps - pls rate posts that help.
Regards,
Paresh
01-31-2006 05:33 AM
Hi, thx for the reply. So can you tell me what the any any means: is it source and dest, or source and mask? Also, what would be the other way of doing it? Would I just create an access list with all my different networks on?
01-31-2006 05:38 AM
Howdy,
In the context of an extended ACL, the any any refers to the source and dest.
Yes, the other (preferred) way is to list them separately.
Hope that helps - pls rate posts that help.
Regards,
Paresh
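
One way to check a router config for the pattern discussed in this thread, as an added example that is not part of the original posts: the script finds every ACL referenced by an `ip nat inside source list` statement and flags those containing `permit any` or `permit ip any any`. The sample config, its addresses, interface and pool names, and the function names are constructed for illustration.

```python
import re

# Constructed sample IOS config (not from the thread); all values are placeholders.
SAMPLE_CONFIG = """\
access-list 1 permit any
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 101 permit ip any any
ip access-list extended NAT-INSIDE
 permit ip 10.1.0.0 0.0.255.255 any
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 10 interface Dialer0 overload
ip nat inside source list 101 pool PUBLIC overload
ip nat inside source list NAT-INSIDE interface Dialer0 overload
"""

NUMBERED = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)$")
NAT_REF = re.compile(r"^ip nat inside source list\s+(\S+)\s")
# Standard "permit any" or extended "permit ip any any", with optional sequence number.
PERMIT_ALL = re.compile(r"^(?:\d+\s+)?permit\s+(?:ip\s+any\s+any|any)\b")

def parse_acls(config):
    """Return {acl_name_or_number: [entry, ...]} for numbered and named ACLs."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := NUMBERED.match(line)):
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
        elif (m := NAMED.match(line)):
            current = m.group(1)
            acls.setdefault(current, [])
        elif current and raw.startswith(" "):
            acls[current].append(line)   # indented entry of the named ACL
        else:
            current = None               # any other top-level line ends the ACL
    return acls

def nat_acls_permitting_all(config):
    """List ACLs used by NAT that contain a permit-everything entry."""
    acls = parse_acls(config)
    flagged = []
    for line in config.splitlines():
        m = NAT_REF.match(line.strip())
        if m and any(PERMIT_ALL.match(e) for e in acls.get(m.group(1), [])):
            flagged.append(m.group(1))
    return flagged

if __name__ == "__main__":
    print(nat_acls_permitting_all(SAMPLE_CONFIG))
```

ACLs 10 and NAT-INSIDE in the sample show the preferred form from the reply above, with each inside network listed separately.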