Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1355
Views
0
Helpful
3
Replies

difference between nat

Go to solution
born.jason
Level 1
Level 1

‎09-14-2010 04:11 AM - edited ‎03-11-2019 11:39 AM

Newbi question....

What is the different for these two nat commands (asa v8.3)

nat (inside,outside) source static 10.10.10.5 88.234.23.2

object network obj-10.10.10.5
nat (inside,outside) static 88.234.23.2

The first is a NAT rule and the second is a network-object NAT rule, right? And what is the big difference ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎09-14-2010 04:53 AM

nat (inside,outside) source static 10.10.10.5 88.234.23.2  ---------> manual nat - processed before auto nat

object network obj-10.10.10.5
nat (inside,outside) static 88.234.23.2  -------------> auto nat

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html

check NAT Rule Order in the above link.

You can find some samples here: https://supportforums.cisco.com/docs/DOC-9129

-KS

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎09-14-2010 04:53 AM

nat (inside,outside) source static 10.10.10.5 88.234.23.2  ---------> manual nat - processed before auto nat

object network obj-10.10.10.5
nat (inside,outside) static 88.234.23.2  -------------> auto nat

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html

check NAT Rule Order in the above link.

You can find some samples here: https://supportforums.cisco.com/docs/DOC-9129

-KS

0 Helpful

Go to solution
born.jason
Level 1
Level 1

‎09-14-2010 04:56 AM

and when would you prefer manual nat and when auto nat ? At the moment for me its the same *confused*

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to born.jason

‎09-14-2010 05:09 AM

Say for example you have inside n/w 192.168.2.0/24 that you want to talk to 192.168.1.0 on the other side of the tunnel.

You have auto nat configured for any in the 192.168.2.0/24 to go to the internet.

Now, when the remote end tries to connect to your end, you response may look like the interface address and go out to the internet and not across the tunnel. In this case you need a manual nat to identity translate 192.168.2.0 to look like itself when it goes to talk to 192.168.1.0.

Does it make sense? There are other occasions too when you can't remove the auto nat but, you want other translation to take effect before that - then go with manual nat.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card