Is using identity NAT as compared to NAT exemption merely a preference, or are there benefits to one over the other? I've changed all of my identity NATs over to policy NAT, but I'm not sure (other than ease of reading and that it doesn't add to the xlate table) if there are any other benefits I'm not seeing.
To be honest with you, I think the terminology is way too complicated.
According to the doc, policy NAT is where you specify TCP/UDP ports in your ACL rather than just src/dst IPs.
I tend to think of it in more simple terms, perhaps because I am fundamentally quite a simple person :-).
1) Dynamic NAT with or without ACLs, NAT or PAT.
2) Static NAT with or without ACLs.
For both of the above, the ACLs merely define the source IPs to be NATted.
3) Policy NAT - the ability to translate the same address to multiple different IPs based on src and dst IP and TCP/UDP port.
4) NAT exemption - don't do NAT at all.
Why the docs have to confuse things with identity NAT I don't know. I actually had to look that term up! The above works well for me, although others may take issue with it.
As for which to use: well, if you don't want to NAT, then NAT exemption saves an entry in the xlate table, as you say.