[c-nsp] Weird ACL Translation - show run
Scott Altman
staltman at gmail.com
Wed Aug 31 16:16:11 EDT 2005
How about permit 192.168.0.0 0.0.255.255
The zeros specify significance, the 255's are the wildcards (broad
generalizations). Based on what I see typed, that is what you are trying
to accomplish: ACL for 192.168.x.y
- Scott
On 8/31/05, noc ops <aptgetd at gmail.com> wrote:
>
> Hi,
>
> Not sure if I'm missing something or what. But when I configured my 3640
> which is running c3640-jk9s-mz.122-4.T1.bin (not under warranty), I see
> below ACL output when I show run.
>
> Routing/NAT is taking place fine w/o any problems but the below ACL
> output is bothering me.
>
>
> Any insight will be appreciated.
>
>
> regards,
> /virendra
>
>
> config output:
> -------------------------------
> interface Ethernet0/1
> description Uplink to RFC1918 network, facing towards inside
> ip address 192.168.0.1 255.255.255.248
> ip nat inside
> half-duplex
>
> ip nat inside source list pat-addresses interface Ethernet0/0 overload
>
> ip access-list standard pat-addresses
> permit 192.0.0.0 0.255.255.255 <------ ??
>
> --------------------------------
>
> I even tried doing and undoing the above ACL w/ no avail.
>
> deepspace(config)#ip access-list standard pat-addresses
> deepspace(config-std-nacl)#no permit 192.0.0.0 0.255.255.255
> deepspace(config-std-nacl)#permit 192.168.0.0 0.255.255.255
> deepspace(config-std-nacl)#^Z
>
> I even tried using permit 192.168.0.0 7.255.255.255
>
> I still see the same output, and yes, I'm using ip classless,
>
> ip access-list standard pat-addresses
> permit 192.0.0.0 0.255.255.255
>
>
> Here's some basic NAT stats:
>
> deepspace#show ip nat statistics
> Total active translations: 34 (0 static, 34 dynamic; 34 extended)
> Outside interfaces:
> Ethernet0/0
> Inside interfaces:
> Ethernet0/1
> Hits: 663 Misses: 52
> Expired translations: 18
> Dynamic mappings:
> -- Inside Source
> access-list pat-addresses interface Ethernet0/0 refcount 34
>
>
> deepspace#show ip nat translations
> Pro Inside global      Inside local       Outside local       Outside global
> tcp Ethernet0/0:44708  192.168.0.2:44708  207.126.111.226:80  207.126.111.226:80
> tcp Ethernet0/0:44709  192.168.0.2:44709  207.126.111.226:80  207.126.111.226:80
> tcp Ethernet0/0:44710  192.168.0.2:44710  207.126.111.226:80  207.126.111.226:80
> tcp Ethernet0/0:44711  192.168.0.2:44711  207.126.111.226:80  207.126.111.226:80
> tcp Ethernet0/0:44712  192.168.0.2:44712  207.126.111.226:80  207.126.111.226:80
> tcp Ethernet0/0:44713  192.168.0.2:44713  207.126.111.226:80  207.126.111.226:80
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
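
The address/wildcard arithmetic behind the output quoted above, as an added Python example that is not part of the original thread. It assumes the router stores each entry with the address bits covered by the wildcard cleared, which is consistent with the show run output in the message; the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, used to check how far an entry reaches.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize_ace(address, wildcard):
    """Clear every address bit the wildcard marks as "don't care".
    Assumption: this is the form in which the entry is stored and displayed."""
    stored = _to_int(address) & ~_to_int(wildcard) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(stored)), wildcard

def matches(address, wildcard, host):
    """True if host matches the entry: only bits where the wildcard is 0 count."""
    diff = _to_int(address) ^ _to_int(host)
    return diff & ~_to_int(wildcard) & 0xFFFFFFFF == 0

def as_prefix(address, wildcard):
    """CIDR equivalent of a contiguous wildcard (an inverted netmask),
    or None when the wildcard bits are not contiguous."""
    wild = _to_int(wildcard)
    if wild & (wild + 1):          # not of the form 2**n - 1
        return None
    addr, _ = normalize_ace(address, wildcard)
    return ipaddress.ip_network(f"{addr}/{32 - wild.bit_length()}")

def reaches_outside_rfc1918(address, wildcard):
    """True if the entry matches any address outside private space."""
    net = as_prefix(address, wildcard)
    if net is None:
        raise ValueError("non-contiguous wildcard: no single prefix")
    return not any(net.subnet_of(private) for private in RFC1918)

if __name__ == "__main__":
    # Entries taken from the thread: the one typed, and the one suggested.
    for addr, wild in (("192.168.0.0", "0.255.255.255"),
                       ("192.168.0.0", "0.0.255.255")):
        shown = normalize_ace(addr, wild)
        print(f"typed {addr} {wild} -> stored {shown[0]} {shown[1]} "
              f"= {as_prefix(addr, wild)}, "
              f"beyond RFC 1918: {reaches_outside_rfc1918(addr, wild)}")
```

With wildcard 0.255.255.255 only the first octet is compared, so the NAT source list covers all of 192.0.0.0/8 rather than just the inside 192.168.x.y addresses.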