Thanks, everything happened just as you said.
--- Ben Nagy <[EMAIL PROTECTED]> wrote:
> Inbound ACLs are checked before anything else.
> Specifically, they will be
> checked before NAT gets hold of the packets. This
> means that you need to
> permit/deny based on the global (externally visible)
> IP addresses.
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, Volante Solutions
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>
>
> > -----Original Message-----
> > From: L. David Leija [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, 7 October 2000 7:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: ACL's & NAT on Cisco FW IOS
> >
> >
> > All, I am configuring ACL's for a router that is
> also
> > already performing NAT. If I define an inbound ACL
> on
> > the external interface that restricts WAN 2 LAN,
> how
> > will traffic that was sent to the externally NATed
> IP
> > from some other external IP be handled? What
> happens
> > first? will the ACL routines run first, or will
> the
> > NAT routines run first? I'm probubly going to
> figure
> > it out through trial and error, but since I
> couldn't
> > find any similar sample configs on Cisco's site, I
> > just thought I'd see if someone has a 'Best
> Practice'
> > for this. TIA
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Photos - 35mm Quality Prints, Now Get 15
> Free!
> > http://photos.yahoo.com/
> > -
> > [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the
> message.]
> >
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf! It's FREE.
http://im.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
