change order of nat rules (v8.4)

Answered Question
Sep 27th, 2011

Hi,

I have a question about the new nat implementation in an ASA 8.4.

when I perform a "show nat" I get the following result:

1 (outside) to (inside) source dynamic any NAT-SSL-VPN_172.30.100.250 destination static 00B_172.30.100.0_24 00B_172.30.100.0_24

    translate_hits = 26, untranslate_hits = 0

2 (inside) to (outside) source static LAN-HOST_172.30.100.11_LNX01 WAN-HOST_84.199.44.2_32_LNX01 service TCP-80-HTTP TCP-80-HTTP

    translate_hits = 0, untranslate_hits = 0

My question is now: Is it possible to change the order of the nat rules without removing and reapplying the rule on position 1 ?

(both rules have to stay in section 1)

Thanks

raf

I have this problem too.
0 votes
Correct Answer by varrao about 3 years 8 months ago

Hi raf,

Without deleting the existing nat rule, just re-enter it with the preference order and they woudl be re-arranged in your nat sections.

Thanks,

Varun

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
varrao Tue, 09/27/2011 - 03:57

Hi Raf,

In 8.4 they are divided into two sections, Section 1 and Section 2

Section 1 is Manual Nat Translations

Section 2 is Auto-Nat Translations

manual nat is hit first in the order of search and then Manual Nat.

If you want to change the order of nat in teh Section 1, then you can use the following:

nat (inside,outside) 1 source static any interface

and

if you want a Manual Na t statement to be hit after the auto nat in section 2, then you add the keyword after-auto to it.

nat (inside,outside) after-auto source static any interface

So now that particular nat statement would be hit after the section 2.

Hope that helps.

Thanks,

Varun

raf.vanderveken... Tue, 09/27/2011 - 04:05

hi varun,

Thanks for your answer, but what I need to know is if you have already a few nat rules configured but you need to change the order of the rules (all in section 1, so no section 2 or 3). Is it possible to change the order of the rules that are already configured ?

thanks

raf

Correct Answer
varrao Tue, 09/27/2011 - 04:28

Hi raf,

Without deleting the existing nat rule, just re-enter it with the preference order and they woudl be re-arranged in your nat sections.

Thanks,

Varun

khalid.meraj Tue, 11/12/2013 - 06:29

Hi,

I tried it with the prefrence value and it doesn't change the position. I wanted to rearange the rule but its keep holding their orignal possition.

Actions

Login or Register to take actions

This Discussion

Posted September 27, 2011 at 3:45 AM
Stats:
Replies:4 Overall Rating:5
Views:1604 Votes:0
Shares:0
Tags: No tags.