It is currently Tue Sep 17, 2019 12:39 am


All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: NAT Extendend ACL and ip CEF
PostPosted: Sun Feb 10, 2013 4:04 pm 
Offline

Joined: Tue Nov 01, 2011 2:13 pm
Posts: 5
Hi everybody,

Summary:
I am having issues using an extended ACL for NAT while ip cef is active.

Situation:
i am building a sample (and yet simple) topology consisting of an ASA and a router:

- ASA and Router connected through a GNS3 etherswitch
- between them goes an L2L VPN
- both are in the same subnet with my nat'ed internet connection (over cloud interface)


i am configuring this extended ACL on the router to allow nat to internet and exempting from nat translation the communications between Router and ASA over VPN subnet.

Issue:

- When CEF is active and i use an extended ACL to select traffic to and to not NAT it doesn't work
- if i disable CEF with no other changes it works with traffic nat'ed to internet and traffic not nat'ed to the ASA VPN
- if i use a standard ACL for the nat with CEF enabled, nat versus internet works (but obviously i lose chance to nat-exempt my traffic to VPN)

I am using a 7206VXR - NPE400 with ios Cisco.IOS.Monster.Collection.2008\c7200\SEP2012\c7200-advipservicesk9-mz.124-24.T8.bin

Thanks all.




Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO