09-27-2011 03:45 AM - edited 03-11-2019 02:30 PM
Hi,
I have a question about the new nat implementation in an ASA 8.4.
when I perform a "show nat" I get the following result:
1 (outside) to (inside) source dynamic any NAT-SSL-VPN_172.30.100.250 destination static 00B_172.30.100.0_24 00B_172.30.100.0_24
translate_hits = 26, untranslate_hits = 0
2 (inside) to (outside) source static LAN-HOST_172.30.100.11_LNX01 WAN-HOST_84.199.44.2_32_LNX01 service TCP-80-HTTP TCP-80-HTTP
translate_hits = 0, untranslate_hits = 0
My question is now: Is it possible to change the order of the nat rules without removing and reapplying the rule on position 1 ?
(both rules have to stay in section 1)
Thanks
raf
Solved! Go to Solution.
09-27-2011 04:28 AM
Hi raf,
Without deleting the existing nat rule, just re-enter it with the preference order and they woudl be re-arranged in your nat sections.
Thanks,
Varun
09-27-2011 03:57 AM
Hi Raf,
In 8.4 they are divided into two sections, Section 1 and Section 2
Section 1 is Manual Nat Translations
Section 2 is Auto-Nat Translations
manual nat is hit first in the order of search and then Manual Nat.
If you want to change the order of nat in teh Section 1, then you can use the following:
nat (inside,outside) 1 source static any interface
and
if you want a Manual Na t statement to be hit after the auto nat in section 2, then you add the keyword after-auto to it.
nat (inside,outside) after-auto source static any interface
So now that particular nat statement would be hit after the section 2.
Hope that helps.
Thanks,
Varun
09-27-2011 04:05 AM
hi varun,
Thanks for your answer, but what I need to know is if you have already a few nat rules configured but you need to change the order of the rules (all in section 1, so no section 2 or 3). Is it possible to change the order of the rules that are already configured ?
thanks
raf
09-27-2011 04:28 AM
Hi raf,
Without deleting the existing nat rule, just re-enter it with the preference order and they woudl be re-arranged in your nat sections.
Thanks,
Varun
11-12-2013 06:29 AM
Hi,
I tried it with the prefrence value and it doesn't change the position. I wanted to rearange the rule but its keep holding their orignal possition.
02-15-2019 03:16 PM
Remove the rule in which is below in order and enter it with the preference order as below.
nat (xxx,xxx) "order no" source static xxx xxx xxx xxx
Thanks
Jaga
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: