Two NATs, same origin ASA 8.3

Unanswered Question
May 18th, 2010

Hi, whats happens in ASA 8.3 if you have two NATs with the same origin (i.e 192.168.1.3) and different outside (i.e 10.10.10.5 and 10.10.11.5)?. In older release of ASA it works by position in list so the first NAt is the first applied. Works in ASA 8.3 in the same way??.

Thank you in advance

Regards

Samuel

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Tue, 05/18/2010 - 04:21

For NAT in version 8.3, here is the NAT order of operation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

With twice NAT, the order is as how it is entered in the configuration.

With network object NAT, it's static NAT takes precedence over dynamic NAT.

So from your description, I assume that you configure your policy NAT under twice NAT, so you are right. It is the same as the older version, ie: as you entered the NAT statements in the configuration.

Hope that helps.

Panos Kampanakis Tue, 05/18/2010 - 10:00

To add to hajelins answer, it should work in 8.3 also.

The syntax will change automatically when you migrate/upgrade.

but translating an ip address based on the destination ip address is still do-able.

I hope it helps.

PK

Actions

This Discussion

Related Content