Cisco Support Community

New Member

NO NAT Again !

Okay, I have written an ACL that permits internal hosts access to the outside. I also have a DMZ which VPN traffic should be routed to, and which should not be NATed. I understand that I can create an ACL for the traffic to be NATed and apply it to the inside interface, and then create a second ACL to be used with the no nat command, and that this doesn't need to be bound to an interface.

Do I still need to put the VPN peers in the first ACL so they are permitted through the interface?

1 REPLY
Silver

Re: NO NAT Again !

If you don't want VPN peers to be NATed, you need not add them in the first access list, because the router checks all the access lists before denying a packet.
