Re: Multiple nat 0 statements

sunilyk · ‎01-19-2004

Hi,

I would like to know if I can use multiple NAT 0 statements for the same interface e.g inside interface.

Presently I am already using a nat (inside) 0 statement with an access list. Now I want to implement a site to site vpn. So I want the new access-list also not to be natted for the vpn traffic.

Please let me know.

Thanks.

mostiguy · ‎01-20-2004

You can have as many as you like. You can mix and match nat 0 access-list and nat 0 ip.address.block.here subnet.mask.goes.here style statements as well

nat 0 access-list is a true nat exemption, and is probably the best practice. Its probably cleanest to maintain one access-list for use for one nat 0 command statement

sunilyk · ‎01-20-2004

Thanks !

Just wanted to confirm.if the following will work ?

nat (inside) 0 access-list 100

nat (inside) 0 access-list 110

nat (inside) 0 access-list 120

Regards,

mostiguy · ‎01-21-2004

nope, i just tested it. you can only have one nat 0 access-list statement.

sunilyk · ‎01-23-2004

Is there any workaround for this ?

Regards

mostiguy · ‎01-24-2004

write a new accesslist that combines all of the entries you wish to have nat 0 apply to