Pix NAT Access-List question.

I have heard from one source that "deny" rules are not allowed in a NAT access-list. Could someone please point me to a Cisco reference for this? Thanks in advance. I'm running 6.3.3 on this pix, 515e.


In the first Syntax Description sub-box, the one for "access-list", it says,

You can only include permit statements in the access-list

Walter Roberson

With policy NAT you can't have deny: The following configuration limitations apply to policy NAT:

- Access lists must contain permit statements only. Access lists for policy NAT cannot contain deny statements.

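An added example, not part of the thread or of Cisco's documentation: a small Python check that flags deny entries in any access list referenced by a `nat` or `static` command, following the restriction quoted in the replies above. The sample configuration, its ACL names and its addresses are constructed, and applying the check to every NAT-referenced list (including `nat 0`) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.3 style; ACL names and addresses are made up.
SAMPLE_CONFIG = """\
access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.201.0 255.255.255.224
access-list NET2 permit ip 10.1.2.0 255.255.255.0 209.165.200.224 255.255.255.224
access-list NET2 deny ip host 10.1.2.27 any
access-list NONAT permit ip 10.1.2.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list OUTSIDE_IN deny ip any any
nat (inside) 0 access-list NONAT
nat (inside) 1 access-list NET1
nat (inside) 2 access-list NET2
access-group OUTSIDE_IN in interface outside
"""

# access-list <name> [line <n>] permit|deny ...
ACE = re.compile(r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(permit|deny)\b", re.I)
# nat (if) <id> access-list <name>  or  static (in,out) <ip> access-list <name>
NAT_REF = re.compile(r"^(?:nat|static)\s+\(.*?\).*?\baccess-list\s+(\S+)", re.I)


def nat_acl_deny_entries(config):
    """Return [(acl_name, line_no, text)] for deny entries in ACLs used by NAT."""
    aces = defaultdict(list)   # ACL name -> [(line_no, action, text)]
    nat_acls = set()           # ACL names referenced by nat/static commands
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = ACE.match(line)
        if m:
            aces[m.group(1)].append((no, m.group(2).lower(), line))
            continue
        m = NAT_REF.match(line)
        if m:
            nat_acls.add(m.group(1))
    # Only ACLs that NAT references are checked; interface ACLs may deny freely.
    return [(name, no, text)
            for name in sorted(nat_acls)
            for no, action, text in aces[name]
            if action == "deny"]


if __name__ == "__main__":
    for name, no, text in nat_acl_deny_entries(SAMPLE_CONFIG):
        print(f"line {no}: ACL {name} is used for NAT but contains: {text}")
```
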
