I have nat 0 ACL stating an ip address should not be natted, while a static nat statement saying it should be natted. Just want to know which one will take precedence.
This is the nat order of operation PIX/ASA.
the NAT (nameif) 0 acl_name takes precedence.
1. nat 0 access-list (nat-exempt)
2. Match existing xlates
3. Match static commands
a. Static NAT with and without access-list
b. Static PAT with and without access-list
4. Match nat commands
a. nat [id] access-list (first match)
b. nat [id] [address] [mask] (best match)
i. If the ID is 0, create an identity xlate
ii. Use global pool for dynamic NAT
iii. Use global pool for dynamic PAT