Cisco NAT and Firewall ACLs. How do they work?
Posted on 2009-02-19
I'm a bit confused. We have 2 sites both with Cisco 870w Routers that run local internet for each site and also run a site-to-site VPN between them.
When I set them up I did it with a Cisco techie and I'm trying to re-familiarise myself with the whole concept because I'm having a few port-related issues.
We have a Firewall ACL (on Dialer0 inbound), and also a NAT ACL.
What's the difference?
Which one takes preference?
Which one gets challenged first?
The way I think I understand it is that the packet heads into the router (from the www) and initially hits the firewall ACL; if it's allowed in, it then hits the NAT ACL; if it has an entry listed, it is then pushed through the NAT routing rule to its destination.
Any help would be much appreciated.
Also, is there a command to see which ACLs present on the router are doing what task?