L10 10.10.10.10
|
R1(1.1.1.10)--------(1.1.1.1)FW------------R2---L3 3.3.3.3
|
L20 20.20.20.20

access-list LO10 extended permit ip host 3.3.3.3 host 10.10.10.10
access-list LO20 extended permit ip host 3.3.3.3 host 20.20.20.20

static (INSIDE,OUTSIDE) 1.1.1.3 access-list LO10
static (INSIDE,OUTSIDE) 1.1.1.4 access-list LO20

When I initiate a ping from R2 sourced from L3 to L10 or L20, it works fine as expected. However, when I initiate a ping from R1 sourced from any, it just uses the xlate and does not consider the access list:

Global 1.1.1.3 Local 3.3.3.3
Global 1.1.1.4 Local 3.3.3.3

However, my understanding was that the second IP in the access list should be either the source or the destination in order to do the translation, so from R1 a ping sourced from L10 to 1.1.1.3 and from L20 to 1.1.1.4 should be translated, and the rest should not.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html#wp1074755

"Identify the real addresses and destination/source addresses using an extended access list. Create the extended access list using the access-list extended command. The first address in the access list is the real address; the second address is either the source or destination address, depending on where the traffic originates."

Can anyone please explain?

Thanks
Kind Regards
Manish
