10-29-2007 03:03 AM - edited 03-03-2019 05:30 AM
Without NAT, the order is easy :
1. Incoming ACL
2. Routing Process
3. Outgoing ACL
At what step does the "average source NAT" take place ?
Scenario : A typical SOHO where you would translate a complete LAN to a single public IP (inside global) on your WAN Interface.
Is it before the Incoming ACL, i.e. step 0 ? Or is it after the Incoming ACL, i.e. step "1.5" ?
For example, if you want to filter traffic by the source address, any outgoing ACL on the WAN interface would have to use the already translated address. So far, so good. But what about the Incoming ACL on the LAN interface ? Will it have to match the non-translated source addresses or the translated addresses ?
Thanks in advance,
Oliver
Solved! Go to Solution.
10-29-2007 03:12 AM
Hi Oliver
It depends on whether the traffic is going from outside to inside or from inside to outside. Have a look at the attached docuement. Hopefully it will answer your questions.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
HTH
Jon
10-29-2007 03:12 AM
Hi Oliver
It depends on whether the traffic is going from outside to inside or from inside to outside. Have a look at the attached docuement. Hopefully it will answer your questions.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
HTH
Jon
10-29-2007 03:36 AM
Thanks Jon, exactly the answer I was looking for.
Later,
Oliver
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide