!Deny NAT anytime the destination is a private IP address (RFC1918) access-list 101 deny ip any 192.168.0.0 0.0.255.255 access-list 101 deny ip any 172.16.0.0 0.15.255.255 access-list 101 deny ip any 10.0.0.0 0.255.255.255 !Permit the NAT any other time access-list 101 permit ip any any !Define the nat rule. Anything denied in ACL 101 will not qualify for NAT and therefore will pass through unaltered. Anything that is permitted by ACL 101 will be translated to the IP that exists on interface fa0/0 ip nat inside source list 101 interface fa0/0 overload
Previously there was a separate ISP for each site and they were connected with an IPSec VPN.
So there is NAT/PAT already on each config for the internal network's routers (Cisco) along with an ACL for the IPSec - just wondering if/how much the configs might change with this setup.