Solved: what will be the first - nat or access-list

yarik_ya · ‎10-18-2002

so i have such config:

interface Loopback0

ip address 192.168.0.1 255.255.255.0

no ip directed-broadcast

!

interface Ethernet0

ip address X.X.X.X 255.255.255.248

..................................................................

!

interface Group-Async1

description Group of 1 through 16 Async interfaces

ip unnumbered Loopback0

no ip redirects

no ip directed-broadcast

ip nat inside

encapsulation ppp

ip tcp header-compression passive

async mode interactive

no snmp trap link-status

peer default ip address pool modem

no cdp enable

ppp authentication pap

group-range 1 16

!

ip local pool modem 192.168.0.2 192.168.0.18

ip nat pool modem_over X.X.X.X X.X.X.X netmask 255.255.255.248

ip nat inside source list 10 pool modem_over overload

access-list 10 remark for_modem_nat_inside

access-list 10 permit 192.168.0.0 0.0.0.255

access-list 110 permit ip any host X.X.X.X

access-list 110 permit ip any 192.168.0.0 0.0.0.255

So i have access-list 110 and such statement access-list 110 permit ip any 192.168.0.0 0.0.0.255, So when the e0 receving the packet, what will be the first - nat or access-list statement , it's rather interesting

steve.barlow · ‎10-18-2002

Order: first input access list, then nat, then output access list.

This link explains the order: http://www.cisco.com/warp/public/556/5.html

Hope it helps.

Steve

View solution in original post

steve.barlow · ‎10-18-2002

Order: first input access list, then nat, then output access list.

This link explains the order: http://www.cisco.com/warp/public/556/5.html

Hope it helps.

Steve

yarik_ya · ‎10-18-2002

Thanks a lot

RIKLEF GRAETSCH · ‎01-12-2017

Hello,

sorry for activating this old thread, but how is the order in new ASA 9.5 version?

Regards

Riklef