Thanks for that. I had read that previously and it helped somewhat. However, my problem comes from the interaction of the various technologies.
For instance, I want to use some static packet filtering to keep IP spoofing out, denying private IPs from coming in from the outside interface, but when I do, it breaks my IPSec tunnel, as it has a 10 network inside and triggers the deny 10.0.0.0 rule I have. Now I opened the specific 10 network that I am using inside to solve that problem, but that opens up a hole. If I have a NAT'ed network, does the ACL get applied to the inside address or the outside address?

I guess there are a few other things. Obviously I am going to play with it some more and learn; I am just in search of some good information about the subject so that I can get a good basis of knowledge.

Thanks again for your help though,
Tom

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 1:16 AM
To: [EMAIL PROTECTED]
Subject: RE: CBAC, PPTP and NAT Interaction [7:62727]

Hi Tom!

I think this article will help you resolve your problems. It is titled "NAT Order of Operations" but I think it may be called "Order of Packet Processing" ;-)

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
http://www.cisco.com/warp/public/556/5.pdf (PDF variant of the same article)

Kind regards,
Victor

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62794&t=62727