[c-nsp] Weird ACL Translation - show run

noc ops aptgetd at gmail.com
Wed Aug 31 16:06:09 EDT 2005 

Hi,

Not sure if I'm missing something or what. But when I configured my 3640
which is running c3640-jk9s-mz.122-4.T1.bin (not under warranty), I see
below ACL output when I show run.

Routing/NAT is taking place fine w/o any problems but the below ACL
output is bothering me.


Any insight will be appreciated.


regards,
/virendra


config output:
-------------------------------
interface Ethernet0/1
 description Uplink to RFC1918 network, facing towards inside
 ip address 192.168.0.1 255.255.255.248
 ip nat inside
 half-duplex

ip nat inside source list pat-addresses interface Ethernet0/0 overload

ip access-list standard pat-addresses
 permit 192.0.0.0 0.255.255.255 <------ ??

--------------------------------

I even tried doing and undoing the above ACL w/ no avail.

deepspace(config)#ip access-list standard pat-addresses
deepspace(config-std-nacl)#no permit 192.0.0.0 0.255.255.255
deepspace(config-std-nacl)#permit 192.168.0.0 0.255.255.255
deepspace(config-std-nacl)#^Z

I even tried using permit 192.168.0.0 7.255.255.255

I still see the same output, and yes, I'm using ip classless,

ip access-list standard pat-addresses
 permit 192.0.0.0 0.255.255.255


Here's some basic NAT stats:

deepspace#show ip nat statistics
Total active translations: 34 (0 static, 34 dynamic; 34 extended)
Outside interfaces:
  Ethernet0/0
Inside interfaces:
  Ethernet0/1
Hits: 663  Misses: 52
Expired translations: 18
Dynamic mappings:
-- Inside Source
access-list pat-addresses interface Ethernet0/0 refcount 34


deepspace#show ip nat translations
Pro Inside global         Inside local          Outside local
Outside global
tcp Ethernet0/0:44708   192.168.0.2:44708     207.126.111.226:80
207.126.111.226:80
tcp Ethernet0/0:44709   192.168.0.2:44709     207.126.111.226:80
207.126.111.226:80
tcp Ethernet0/0:44710   192.168.0.2:44710     207.126.111.226:80
207.126.111.226:80
tcp Ethernet0/0:44711   192.168.0.2:44711     207.126.111.226:80
207.126.111.226:80
tcp Ethernet0/0:44712   192.168.0.2:44712     207.126.111.226:80
207.126.111.226:80
tcp Ethernet0/0:44713   192.168.0.2:44713     207.126.111.226:80
207.126.111.226:80

More information about the cisco-nsp mailing list