The access-list is always checked before NAT translation


(simon c) #1

Hi I’m really confused bt this statement “The access-list is always checked before NAT translation”

So if I have traffic coming into the asa on the outside interface with a public IP address destined for a server on my dmz who has a private IP address translated by nat to the outside public address would I permit traffic destined from anywhere as an example to the private ip address of my server NOT the NAT public address?

Thanks

Simon


(Lazaros Agapides) split this topic #2

3 posts were merged into an existing topic: Cisco ASA Access-List


(Lazaros Agapides) closed #3