[c-nsp] FW: Static PAT problem

Gert Doering gert at greenie.muc.de
Fri Mar 18 03:45:34 EST 2005


Hi,

On Thu, Mar 17, 2005 at 05:09:10PM -0500, Andrew Herdman wrote:
> !
> ip access-list extended NAT01
>  permit ip 0.0.0.0 255.255.255.0 any

netmasks in ACLs need to be inverted ("don't care bits") - if you want 
to match your whole inside subnet, write this as:

   permit ip 192.168.128.0 0.0.0.255

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list