Configure the PIX Security Appliance as an Easy VPN Server
Task 9 – configure NAT and NAT 0

The last task is to define which traffic is encrypted and sent down the IPSec tunnel, and which traffic is translated and transmitted in clear text. The NAT 0 access-list command defines which traffic is encrypted but not translated. In Figure , traffic sourced from network 10.0.0.0/24 and destined for a host on 10.0.11.0/24 network is encrypted. The remaining traffic is translated, using NAT, to the IP address of the outside interface and then transmitted in clear text.