1 Reply Latest reply on Oct 23, 2019 8:41 PM by thebearak

    Created an ACL with nat destination that used to work, but then my IP number changed.

    thebearak New Member

      Created an ACL with nat destination that used to work, but then my IP number changed, so I needed to change the ACLs to reflect that. After changing them, only the first host works. So in the example below, the only thing I changed was the host IP number. doxer-1 through doxer-4 all work just fine, but dozer-1 and everything after that does not. Again, this worked with the previous IP address and the only thing I changed was the IP. I have about 15 more entries after these. I've tried deleting them and redoing them manually (not using the Wizard) and it still doesn't work. I'm stumped. Nothing else in the rest of the configuration changed.

       

      ip access-list extended doxer-1
        remark Port 80 to doxer
        permit tcp any  host 88.88.88.88 eq www   log
      !
      ip access-list extended doxer-2
        remark Port webmin to doxer
        permit tcp any  host 88.88.88.88 eq 10101   log
      !
      ip access-list extended doxer-3
        remark Port ssh to doxer
        permit tcp any  host 88.88.88.88 eq 2220   log
      !
      ip access-list extended doxer-4
        remark Port 433 to doxer
        permit tcp any  host 88.88.88.88 eq https   log
      !
      ip access-list extended dozer-1
        remark VNC to Dozer
        permit tcp any  host 88.88.88.88 eq 5900   log
      !
      ip access-list extended dozer-2
        remark ARD to Dozer
        permit tcp any  host 88.88.88.88 eq 3283   log
      !
      ip access-list extended dozer-3
        remark ARD to Dozer
        permit udp any  host 88.88.88.88 eq 3283    log
      !
      !
      !
      ip policy-class Private
        allow list self self
        allow list self self
        nat source list wizard-ics interface gigabit-ethernet 0/1 overload
      !
      ip policy-class Public
        nat destination list doxer-1 address 10.0.1.20
        nat destination list doxer-2 address 10.0.1.20
        nat destination list doxer-3 address 10.0.1.20
        nat destination list doxer-4 address 10.0.1.20
        nat destination list web-acl-32 address 10.0.1.20
        nat destination list dozer-1 address 10.0.1.15
        nat destination list dozer-2 address 10.0.1.15
        nat destination list dozer-3 address 10.0.1.15