The last task is to define which traffic is encrypted and sent down the
IPSec tunnel, and which traffic is translated and transmitted in clear text.
The NAT 0 access-list command defines which traffic is
encrypted but not translated. In Figure
, traffic sourced
from network 10.0.0.0/24 and destined for a host on 10.0.11.0/24 network is
encrypted. The remaining traffic is translated, using NAT, to the IP address of
the outside interface and then transmitted in clear text.