Cisco Support Community
New Member

ACL and reverse-nat

Hi All,

I want to apply PBR on an ADSL router (1800 series) to the return packets for a user on the LAN behind a firewall.

So I created an ACL whose criterion is the destination IP address of this user.

As the access is ADSL, all IPs are hidden behind the public IP address.

So the return packets come with the public IP as the destination address.

The question is: is the ACL verified before reverse NAT? If so, the ACL with the user's IP as criterion will never match.

Or is the ACL verified after the reverse NAT?

Thanks for your help.

1 REPLY
Cisco Employee

Re: ACL and reverse-nat

As per the documented NAT order of operations at:

http://www.cisco.com/application/pdf/paws/6209/5.pdf

NAT should happen before PBR so you should be able to use the subscriber's internal IP Address as the destination IP in your PBR ACL. It should not take much time to test it out first in a controlled manner.

Atif
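A configuration sketch for the controlled test suggested in the reply above, added here as an example and not taken from either poster. Every address, ACL name, route-map name and interface is a constructed placeholder, and it assumes the firewall routes the user's subnet without doing its own NAT.

```cisco
! Constructed example: all values below are placeholders.
!   10.1.1.50       = user's private address behind the firewall (hypothetical)
!   192.168.10.254  = firewall's address on the router LAN (hypothetical)
!   FastEthernet0/0 = LAN side, NAT inside (assumed)
!   Dialer0         = ADSL side, NAT outside (assumed)
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ! PBR is applied where the return traffic enters the router.
 ip policy route-map RETURN-TO-USER
!
ip nat inside source list NAT-LAN interface Dialer0 overload
!
ip access-list standard NAT-LAN
 permit 10.1.1.0 0.0.0.255
 permit 192.168.10.0 0.0.0.255
!
! PBR ACL: the destination is the user's private address, because the
! reply states that NAT (outside to inside) happens before PBR.
ip access-list extended PBR-USER-RETURN
 permit ip any host 10.1.1.50
!
route-map RETURN-TO-USER permit 10
 match ip address PBR-USER-RETURN
 set ip next-hop 192.168.10.254
!
! Checks to run from exec mode while the user generates traffic:
!   show ip nat translations        (confirms the 10.1.1.50 mapping exists)
!   show route-map RETURN-TO-USER   (policy routing match counters)
!   show ip policy                  (confirms the route-map is on Dialer0)
!   debug ip policy                 (lab use; logs each policy match)
```

If the match counters in `show route-map` stay at zero while the NAT translation is present, the ACL is not seeing the private address at the point where PBR runs on that software release.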
