topic Exclude host from Nat ACL in Network Security https://community.cisco.com/t5/network-security/exclude-host-from-nat-acl/m-p/1269612#M795385 <P>Is it possible to exclude single host from NAT 0 and from cyptomap?</P><P></P><P>I have a pix with site-to-site configuration. All hosts can access tunnel only, and cannot go on internet directly. </P><P></P><P>Lines from config:</P><P></P><P>access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any</P><P></P><P>nat (inside) 0 access-list ALL_Traffic</P><P></P><P>crypto map CryptoMap 10 match address ALL_Traffic</P><P></P><P></P><P>I would like to allow direct internet access to few hosts. Can i just add one deny statement in access list ALL_Traffic to exclude host from nat and cryptomap?</P> Mon, 11 Mar 2019 16:03:47 GMT veljko.tasic 2019-03-11T16:03:47Z Exclude host from Nat ACL https://community.cisco.com/t5/network-security/exclude-host-from-nat-acl/m-p/1269612#M795385 <P>Is it possible to exclude single host from NAT 0 and from cyptomap?</P><P></P><P>I have a pix with site-to-site configuration. All hosts can access tunnel only, and cannot go on internet directly. </P><P></P><P>Lines from config:</P><P></P><P>access-list ALL_Traffic extended permit ip 192.168.1.0 255.255.255.0 any</P><P></P><P>nat (inside) 0 access-list ALL_Traffic</P><P></P><P>crypto map CryptoMap 10 match address ALL_Traffic</P><P></P><P></P><P>I would like to allow direct internet access to few hosts. Can i just add one deny statement in access list ALL_Traffic to exclude host from nat and cryptomap?</P> Mon, 11 Mar 2019 16:03:47 GMT https://community.cisco.com/t5/network-security/exclude-host-from-nat-acl/m-p/1269612#M795385 veljko.tasic 2019-03-11T16:03:47Z Re: Exclude host from Nat ACL https://community.cisco.com/t5/network-security/exclude-host-from-nat-acl/m-p/1269613#M795393 <HTML><HEAD></HEAD><BODY><P>That should work. I prefer to adjust the ACL to exclude those hosts. You'll also have to NAT for internet access.</P></BODY></HTML> Fri, 07 Aug 2009 13:03:52 GMT https://community.cisco.com/t5/network-security/exclude-host-from-nat-acl/m-p/1269613#M795393 Collin Clark 2009-08-07T13:03:52Z