[c-nsp] NAT ACL
Paul Stewart
pauls at nexicom.net
Thu Oct 14 11:13:43 EDT 2004
Hi Christophe:
Someone may correct me but an access list will apply to all traffic on
the interface whether or not it's NAT. The NAT translation will still
be subject to the access list rules.
Paul
On Thu, 2004-10-14 at 10:05, jcvaraillon at dolnet.gr wrote:
>
>
> Hi,
>
>
> On an Ethernet interface, I have an incoming access-list (ip access-groupe 10
> in) and I need to put
> a nat command (ip nat inside).
>
> I am concerned by the access-list 10.
>
> What is the router doing first: NATing or filtering ?
>
> Do the router filter what comes IN first and then do the NAT? In which case I
> can keep my access-list.
>
> Do the router perfrom NAT first and then proceed with the filtering? In which
> case I have to modify my access-list.
>
>
> Any comments/suggestions are welcom.
>
> Thanks
>
> Christophe
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list