[c-nsp] NAT ACL

jcvaraillon at dolnet.gr jcvaraillon at dolnet.gr
Thu Oct 14 10:05:33 EDT 2004


On an Ethernet interface, I have an incoming access-list (ip access-groupe 10
in) and I need to  put
a nat command (ip nat inside).

I am concerned by the access-list 10.

What is the router doing first: NATing or filtering ?

Do the router filter what comes IN first and then do the NAT? In which case I
can keep my access-list.

Do the router perfrom NAT first and then proceed with the filtering? In which
case I have to modify my access-list.

Any comments/suggestions are welcom.



More information about the cisco-nsp mailing list