https://community.cisco.com/t5/network-security/no-nat-again/m-p/618028#M1036247 <HTML><HEAD></HEAD><BODY><P>If you dont want VPN peers to be NATed you need not add them in the first access list because router checks all the access list before denying a packet.</P></BODY></HTML> Mon, 04 Dec 2006 15:34:55 GMT mchin345 2006-12-04T15:34:55Z https://community.cisco.com/t5/network-security/no-nat-again/m-p/618027#M1036244 <P>okay I have written an ACL that permits internal hosts access to the outside. I also have a DMZ which VPN traffic should be routed to, and which should not be natted. I understand that I can create and ACL for the traffic to be natted and apply it to the inside interface, and then create a second ACL to be used with the no nat command, and that this doesnt need to be bound to an interface.</P><P></P><P>Do I still need to put the VPN peers in the first ACL so they are permited thought the interface</P> Mon, 11 Mar 2019 09:01:36 GMT https://community.cisco.com/t5/network-security/no-nat-again/m-p/618027#M1036244 lquin1978 2019-03-11T09:01:36Z https://community.cisco.com/t5/network-security/no-nat-again/m-p/618028#M1036247 <HTML><HEAD></HEAD><BODY><P>If you dont want VPN peers to be NATed you need not add them in the first access list because router checks all the access list before denying a packet.</P></BODY></HTML> Mon, 04 Dec 2006 15:34:55 GMT https://community.cisco.com/t5/network-security/no-nat-again/m-p/618028#M1036247 mchin345 2006-12-04T15:34:55Z