I have a nat 0 ACL stating that an IP address should not be NATted, while a static NAT statement says it should be NATted. I just want to know which one will take precedence.
The nat 0 ACL will take precedence.
Here is the NAT order of operation:
1) NAT exemption: When multiple NAT types/rules are set up, the security appliance tries to match traffic against the ACL in the NAT exemption rules. If there are overlapping entries in the ACL, the security appliance analyzes the ACEs until a match is found.
2) Static NAT: If there is no match found in the NAT exemption rules, the security appliance analyzes the static NAT entries in sequential order to determine a match.
3) Static PAT: If the security appliance does not find a match in NAT exemption or static NAT entries, it goes through the static PAT entries until it locates a match.
4) Policy NAT/PAT: The security appliance evaluates the policy NAT entries if it is still not able to find a match on the packet flow.
5) Identity NAT: The security appliance tries to find a match using the identity NAT statement, if one is set up to do so.
6) Dynamic NAT: If the security appliance fails to find a match using the first five rules, it checks to see if the packets need to be translated using dynamic NAT.
7) Dynamic PAT: The packets are checked against the dynamic PAT rules as the last resort, if all the previously mentioned rules fail.
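The overlap from the question, written out as an added example that is not part of the original posts. It assumes the pre-8.3 ASA/PIX syntax that `nat 0` belongs to; the ACL name NONAT, the interface names and all addresses are constructed placeholders.

```cisco
! Constructed example: host 10.1.1.10 is covered by both a NAT exemption
! rule and a static NAT rule.

! Step 1 (NAT exemption): do not translate 10.1.1.10 when it talks to
! the remote network 192.168.50.0/24.
access-list NONAT extended permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Step 2 (static NAT): translate 10.1.1.10 to 203.0.113.10.
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! Check which rule a flow matches. The NAT phases of the packet-tracer
! output name the rule that was applied.

! Destination is inside the NONAT ACL: the exemption is matched first,
! so the source address stays 10.1.1.10.
packet-tracer input inside tcp 10.1.1.10 1025 192.168.50.5 80 detailed

! Destination is outside the NONAT ACL: step 1 finds no match, so the
! static entry applies and the source becomes 203.0.113.10.
packet-tracer input inside tcp 10.1.1.10 1025 198.51.100.20 80 detailed

! List the translations the appliance currently holds.
show xlate
```

Because the exemption is evaluated first, the breadth of its ACL decides how much traffic bypasses the static translation, so it is worth reviewing those ACEs whenever a static entry does not appear to take effect.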