ACL加log后不能放行的原因

在NAT配置中的ACL不能加log，否则会出现问题。
比如permit，此时会不放行。
原因在于Cisco IOS NAT并不支持在ACL中加log。

官方解释：
Q. Does Cisco IOS NAT support ACLs with a "log" keyword?
A. When you configure Cisco IOS NAT for dynamic NAT translation, an ACL is used to identify packets that can be translated. The current NAT architecture does not support ACLs with a "log" keyword.

来源：
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html