Exclude host from NAT ACL

Aug 7th, 2009
Is it possible to exclude a single host from NAT 0 and from the cryptomap?


I have a PIX with a site-to-site configuration. All hosts can access the tunnel only, and cannot go on the internet directly.


Lines from config:


access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any


nat (inside) 0 access-list ALL_Traffic


crypto map CryptoMap 10 match address ALL_Traffic



I would like to allow direct internet access to a few hosts. Can I just add one deny statement in access list ALL_Traffic to exclude a host from NAT and the cryptomap?

Collin Clark Fri, 08/07/2009 - 06:03
That should work. I prefer to adjust the ACL to exclude those hosts. You'll also have to NAT for internet access.

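The change discussed in this thread, written out as an added example that is not from either poster. It assumes PIX 7.x-style syntax (matching the `extended` keyword in the posted ACL), an outside interface named `outside`, and a constructed host address 192.168.1.50; ACLs are evaluated first match, so the deny has to sit above the existing permit.

```cisco
! Added example, not part of the original thread.
! 192.168.1.50 is a constructed host address; "outside" is an assumed interface name.
!
! Before (from the post): every inside host matches the one permit ACE,
! so every host is exempt from NAT and sent into the tunnel.
!   access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any
!
! After: insert the deny as line 1 so it is matched before the permit.
! A deny appended without "line 1" would land below the permit and never match.
access-list ALL_Traffic line 1 extended deny ip host 192.168.1.50 any
!
! These two lines are unchanged; both now skip 192.168.1.50
! because they reference the same ACL.
nat (inside) 0 access-list ALL_Traffic
crypto map CryptoMap 10 match address ALL_Traffic
!
! The excluded host still needs a translation to reach the internet:
! dynamic PAT to the outside interface address, for that host only.
nat (inside) 1 192.168.1.50 255.255.255.255
global (outside) 1 interface
!
! Verification, run from privileged EXEC rather than config mode:
!   show access-list ALL_Traffic   (deny must be listed as line 1)
!   clear xlate                    (drop translations built under the old rules)
```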