Inbound ACLs are checked before anything else. Specifically, they will be
checked before NAT gets hold of the packets. This means that you need to
permit/deny based on the global (externally visible) IP addresses.
Cheers,
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: L. David Leija [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 7 October 2000 7:52 AM
> To: [EMAIL PROTECTED]
> Subject: ACL's & NAT on Cisco FW IOS
>
>
> All, I am configuring ACLs for a router that is also
> already performing NAT. If I define an inbound ACL on
> the external interface that restricts WAN 2 LAN, how
> will traffic that was sent to the externally NATed IP
> from some other external IP be handled? What happens
> first? Will the ACL routines run first, or will the
> NAT routines run first? I'm probably going to figure
> it out through trial and error, but since I couldn't
> find any similar sample configs on Cisco's site, I
> just thought I'd see if someone has a 'Best Practice'
> for this. TIA
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
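A configuration sketch of the ordering described in the reply, added here as an illustration and not taken from either poster's router. The addresses (RFC 1918 and documentation ranges), interface names, ACL number and the published web service are all assumptions.

```cisco
! Constructed example. 10.1.1.10 is the inside (private) address of a
! web server; 203.0.113.10 is the global address it is published on.
ip nat inside source static 10.1.1.10 203.0.113.10
!
interface Ethernet0
 description LAN side (assumed interface name)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description WAN side (assumed interface name)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group 101 in
!
! Weak form, shown commented out: the entry names the private address.
! The inbound ACL on Serial0 is evaluated before NAT rewrites the
! destination, so arriving packets still carry 203.0.113.10 and this
! entry is never matched. The service is then dropped by the deny below.
!
! access-list 101 permit tcp any host 10.1.1.10 eq www
!
! Corrected form: match on the global address, which is what the packet
! carries at the moment the inbound ACL is checked.
access-list 101 permit tcp any host 203.0.113.10 eq www
access-list 101 deny   ip any any log
```

The per-entry match counters in `show access-lists 101` show which entry arriving traffic actually hits.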