Access Lists for VPN and VPN Client

Unanswered Question
Oct 3rd, 2008


After creating a LAN2LAN VPN OR a VPN client connection, of course, an access list is created. One entry for the access list is for the NAT0. In the line shown below, it is for the VPN CLIENT IP POOL. My question is WHY whenever I do a 'sh access-list' command, all NAT0 entries in all access lists have "0 hits." It does not seem to make sense. And, how can I change that?



access-list INSIDE_nat0_outbound line 1 extended permit ip any (hitcnt=0)

Overall Rating: 4.5 (2 ratings)
netsec123 Sat, 10/04/2008 - 10:03

Hi!! Thanks for responding. So, I guess there's no way to tell if a NAT rule is being hit as packets traverse the firewall? :(


