Dears,
I am a little bit confused when configuring IPSec site-to-site with NAT overload. I have two questions:
1- I need to know the order of operations between NAT overload (including either an ACL or a route-map) and crypto map (including an ACL). For example,
if I have the following example:
access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
access-list 102 deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
access-list 102 permit ip any any
crypto map cmap1 1 ipsec-isakmp
 match address 101
route-map rmap1 permit 1
 match ip address 102
ip nat inside source route-map rmap1 interface s0/0 overload
int s0/0
 crypto map cmap1
And if I make a ping from 1.1.1.2 to 2.2.2.2, how will the ICMP packets be treated by the router?
Also, if I did not add the deny entry in access-list 102, how will the ICMP packets be treated by the router?
2- What is the difference between using route map and ACL in NAT overload:
ip nat inside source route-map rmap1 interface s0/0 overload
ip nat inside source list 102 interface s0/0 overload
Your help is really appreciated.
Best regards,
Moustafa
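
The configuration in the question, modelled as an added example (not part of the original post). It assumes the documented Cisco IOS inside-to-outside order, in which NAT is evaluated before the crypto map ACL is checked. The s0/0 address 203.0.113.1, the ACL_102_NO_DENY variant and all function names are constructed for illustration.

```python
from ipaddress import ip_address as ip, ip_network as net

ANY = net("0.0.0.0/0")

# ACLs from the post, as (action, source network, destination network).
ACL_101 = [("permit", net("1.1.1.0/24"), net("2.2.2.0/24"))]
ACL_102 = [("deny", net("1.1.1.0/24"), net("2.2.2.0/24")),
           ("permit", ANY, ANY)]
# The second case asked about: ACL 102 without its deny entry.
ACL_102_NO_DENY = [("permit", ANY, ANY)]

# Constructed value: the post does not give the address of s0/0.
S0_0_ADDR = ip("203.0.113.1")


def permitted(acl, src, dst):
    """First-match evaluation; falls through to the implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False


def forward(src, dst, nat_acl, crypto_acl=ACL_101):
    """Model one inside-to-outside packet leaving through s0/0.

    Assumed order: the NAT decision comes first, then the crypto map ACL
    is matched against the packet as it looks after translation.
    """
    src, dst = ip(src), ip(dst)
    translated = permitted(nat_acl, src, dst)
    wire_src = S0_0_ADDR if translated else src
    encrypted = permitted(crypto_acl, wire_src, dst)
    return {"src_on_wire": str(wire_src), "nat": translated, "ipsec": encrypted}


if __name__ == "__main__":
    cases = [
        ("ACL 102 with deny", "2.2.2.2", ACL_102),
        ("ACL 102 without deny", "2.2.2.2", ACL_102_NO_DENY),
        ("non-VPN destination", "198.51.100.7", ACL_102),  # constructed address
    ]
    for label, dst, nat_acl in cases:
        print(label, forward("1.1.1.2", dst, nat_acl))
```

With the deny entry the ping keeps its 1.1.1.2 source, matches access-list 101 and is encrypted; without it the source is rewritten to the interface address first, so the packet no longer matches access-list 101 and leaves outside the tunnel.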