https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617933#M1036254 <P>If you write an ACL to be used with a NO NAT statement, does it need to be applied to an interface. I.e I need to NAT certain traffic, but not NAT certain traffic that has a particular destination</P> Mon, 11 Mar 2019 09:01:33 GMT lquin1978 2019-03-11T09:01:33Z https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617933#M1036254 <P>If you write an ACL to be used with a NO NAT statement, does it need to be applied to an interface. I.e I need to NAT certain traffic, but not NAT certain traffic that has a particular destination</P> Mon, 11 Mar 2019 09:01:33 GMT https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617933#M1036254 lquin1978 2019-03-11T09:01:33Z https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617934#M1036259 <HTML><HEAD></HEAD><BODY><P>No you dont need apply NONAT ACL to inteface is only used to bind NONAT ACL and NAT 0 statement</P><P>For example if you want NAT all traffic from inside EXCEPT from 10.10.15.0 to 192.168.1.0</P><P>access-list no-nat permit ip 10.10.15.0 255.255.255.0 192.168.1.0 255.255.255.0</P><P>nat (inside) 0 access-list no-nat</P><P>nat (inside) 1 10.10.15.0 255.255.255.0</P><P>global (outside) 1 public_IP netmask 255.255.255.255</P><P></P><P>NAT 0 means traffic is NOT NATed</P><P></P><P>NAT 1 pairs global 1</P><P>M.</P><P></P></BODY></HTML> Tue, 28 Nov 2006 13:38:11 GMT https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617934#M1036259 m.sir 2006-11-28T13:38:11Z https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617935#M1036266 <HTML><HEAD></HEAD><BODY><P>so.. I can write an ACL called 101 with various inside addresses permited to go outside, bind this to the internal interface. Then write a second ACL called 102 with something like</P><P></P><P>access-list 102 permit ip 10.1.0.0 255.255.0.0 192.168.12.0 255.255.255.0 </P><P></P><P>then</P><P></P><P>nat (inside) 0 access-list 102.</P><P></P><P>102 doesnot need to be bound to an interface and it can contain addresses that appear in ACL 101 ?</P></BODY></HTML> Tue, 28 Nov 2006 13:50:18 GMT https://community.cisco.com/t5/network-security/pix-no-nat/m-p/617935#M1036266 lquin1978 2006-11-28T13:50:18Z