Two NATs, same origin ASA 8.3

Unanswered Question
May 18th, 2010
User Badges:

Hi, whats happens in ASA 8.3 if you have two NATs with the same origin (i.e 192.168.1.3) and different outside (i.e 10.10.10.5 and 10.10.11.5)?. In older release of ASA it works by position in list so the first NAt is the first applied. Works in ASA 8.3 in the same way??.


Thank you in advance

Regards

Samuel

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Tue, 05/18/2010 - 04:21
User Badges:
  • Cisco Employee,

For NAT in version 8.3, here is the NAT order of operation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157


With twice NAT, the order is as how it is entered in the configuration.

With network object NAT, it's static NAT takes precedence over dynamic NAT.


So from your description, I assume that you configure your policy NAT under twice NAT, so you are right. It is the same as the older version, ie: as you entered the NAT statements in the configuration.


Hope that helps.

Panos Kampanakis Tue, 05/18/2010 - 10:00
User Badges:
  • Cisco Employee,

To add to hajelins answer, it should work in 8.3 also.

The syntax will change automatically when you migrate/upgrade.

but translating an ip address based on the destination ip address is still do-able.




I hope it helps.


PK

Actions

This Discussion