Exclude host from Nat ACL

Aug 7th, 2009

Is it possible to exclude a single host from NAT 0 and from the crypto map?

I have a PIX with a site-to-site configuration. All hosts can access the tunnel only, and cannot go to the internet directly.

Lines from config:

access-list ALL_Traffic extended permit ip any

nat (inside) 0 access-list ALL_Traffic

crypto map CryptoMap 10 match address ALL_Traffic

I would like to allow direct internet access to a few hosts. Can I just add one deny statement in access list ALL_Traffic to exclude a host from NAT and the crypto map?

Collin Clark Fri, 08/07/2009 - 06:03

That should work. I prefer to adjust the ACL to exclude those hosts. You'll also have to NAT for internet access.
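
The change discussed in this thread, written out as an added example that is not part of either post. It assumes PIX 7.x/8.0 syntax; the host addresses, the interface name `outside` and NAT ID 1 are constructed placeholders.

```cisco
! Constructed example. 192.168.1.50 and 192.168.1.51 stand in for the
! inside hosts that should get direct internet access.

! 1. Put the deny entries ahead of the existing permit in ALL_Traffic.
!    ACLs are evaluated first-match, so a deny appended after the
!    permit entry would never be reached.
access-list ALL_Traffic line 1 extended deny ip host 192.168.1.50 any
access-list ALL_Traffic line 2 extended deny ip host 192.168.1.51 any

! 2. The denied hosts no longer match NAT 0 or the crypto map, so they
!    need a translation of their own to reach the internet. Here they
!    are PATed to the outside interface address (assumed interface name
!    and NAT ID).
nat (inside) 1 192.168.1.50 255.255.255.255
nat (inside) 1 192.168.1.51 255.255.255.255
global (outside) 1 interface

! 3. Verify entry order and hit counts, then the resulting translations.
show access-list ALL_Traffic
show xlate
```

Because the same ACL feeds both `nat 0` and the crypto map, the excluded hosts also stop sending traffic through the tunnel.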

