Exclude host from Nat ACL

Is it possible to exclude a single host from NAT 0 and from the cryptomap?

I have a PIX with a site-to-site configuration. All hosts can access the tunnel only, and cannot go on the internet directly.

Lines from config:

access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any

nat (inside) 0 access-list ALL_Traffic

crypto map CryptoMap 10 match address ALL_Traffic

I would like to allow direct internet access to a few hosts. Can I just add one deny statement in access list ALL_Traffic to exclude a host from NAT and the cryptomap?


Re: Exclude host from Nat ACL

That should work. I prefer to adjust the ACL to exclude those hosts. You'll also have to NAT for internet access.
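The change discussed in this thread, written out as an added example (not part of the original posts and not the poster's actual configuration). The host address 192.168.1.50 is constructed, and the interface name outside and NAT ID 1 are assumptions.

```cisco
! Added example, not from the thread. 192.168.1.50 is a constructed host
! address; the "outside" interface name and NAT ID 1 are assumptions.

! Before (from the post): one ACL drives both NAT exemption and the crypto map.
!   access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any
!   nat (inside) 0 access-list ALL_Traffic
!   crypto map CryptoMap 10 match address ALL_Traffic

! After: the deny must sit above the permit, because ACEs are matched
! top-down and the first match wins. "line 1" inserts it at the top of the
! existing ACL instead of appending it after the permit.
access-list ALL_Traffic line 1 extended deny ip host 192.168.1.50 any

! The excluded host now needs a translation for internet access (PAT to the
! outside interface address). Only this host is matched, so the rest of
! 192.168.1.0/24 still has no direct path out.
nat (inside) 1 192.168.1.50 255.255.255.255
global (outside) 1 interface

! Checks: the deny should be listed before the permit, and show xlate should
! list a PAT entry for the host once it has opened a connection.
show access-list ALL_Traffic
show xlate
```

Because the destination in ALL_Traffic is any, the deny takes the host out of the tunnel completely: its traffic toward the remote site is no longer matched by the crypto map and leaves translated and unencrypted like any other internet traffic.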
