Is it possible to exclude a single host from NAT 0 and from the cryptomap?
I have a PIX with a site-to-site configuration. All hosts can access the tunnel only, and cannot go on the internet directly.
Lines from config:
access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 0 access-list ALL_Traffic
crypto map CryptoMap 10 match address ALL_Traffic
I would like to allow direct internet access to a few hosts. Can I just add one deny statement in access list ALL_Traffic to exclude a host from NAT and the cryptomap?