change order of nat rules (v8.4)

raf.vanderveken
Level 1

Hi,

I have a question about the new nat implementation in an ASA 8.4.

When I perform a "show nat" I get the following result:

1 (outside) to (inside) source dynamic any NAT-SSL-VPN_172.30.100.250 destination static 00B_172.30.100.0_24 00B_172.30.100.0_24

    translate_hits = 26, untranslate_hits = 0

2 (inside) to (outside) source static LAN-HOST_172.30.100.11_LNX01 WAN-HOST_84.199.44.2_32_LNX01 service TCP-80-HTTP TCP-80-HTTP

    translate_hits = 0, untranslate_hits = 0

My question is now: Is it possible to change the order of the nat rules without removing and reapplying the rule on position 1?

(both rules have to stay in section 1)

Thanks

raf

1 Accepted Solution

Hi raf,

Without deleting the existing nat rule, just re-enter it with the preference order and they would be re-arranged in your nat sections.

Thanks,

Varun

Thanks,
Varun Rao


varrao
Level 10

Hi Raf,

In 8.4 they are divided into two sections, Section 1 and Section 2

Section 1 is Manual Nat Translations

Section 2 is Auto-Nat Translations

Manual Nat is hit first in the order of search and then Manual Nat.

If you want to change the order of nat in the Section 1, then you can use the following:

nat (inside,outside) 1 source static any interface

and

If you want a Manual Nat statement to be hit after the auto nat in section 2, then you add the keyword after-auto to it.

nat (inside,outside) after-auto source static any interface

So now that particular nat statement would be hit after the section 2.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Thanks for your answer, but what I need to know is if you have already a few nat rules configured but you need to change the order of the rules (all in section 1, so no section 2 or 3). Is it possible to change the order of the rules that are already configured?

Thanks

raf


Hi,

I tried it with the preference value and it doesn't change the position. I wanted to rearrange the rule but it keeps holding its original position.

Remove the rule which is below in order and enter it with the preference order as below.

nat (xxx,xxx) "order no" source static xxx  xxx xxx xxx

Thanks

Jaga
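Added example, not part of any reply in this thread: a small Python helper that parses the "show nat" output posted in the question, builds the remove-and-re-enter command pair for moving a rule to a given line, and checks a later "show nat" capture against the intended order. It assumes each "show nat" line maps directly onto the configured nat command (named objects, no extra keywords); the function names are hypothetical.

```python
import re

# "show nat" output as posted in the question (hit counters included).
SHOW_NAT = """\
1 (outside) to (inside) source dynamic any NAT-SSL-VPN_172.30.100.250 destination static 00B_172.30.100.0_24 00B_172.30.100.0_24
    translate_hits = 26, untranslate_hits = 0
2 (inside) to (outside) source static LAN-HOST_172.30.100.11_LNX01 WAN-HOST_84.199.44.2_32_LNX01 service TCP-80-HTTP TCP-80-HTTP
    translate_hits = 0, untranslate_hits = 0
"""

RULE = re.compile(r"^(\d+) \((\S+)\) to \((\S+)\) (source .+)$")
HITS = re.compile(r"translate_hits = (\d+), untranslate_hits = (\d+)")


def parse_show_nat(text):
    """Return the numbered rules in display order, with their hit counters."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if m:
            rules.append({"pos": int(m.group(1)),
                          "ifc": f"({m.group(2)},{m.group(3)})",
                          "body": m.group(4), "hits": (0, 0)})
            continue
        h = HITS.search(line)
        if h and rules:
            rules[-1]["hits"] = (int(h.group(1)), int(h.group(2)))
    return rules


def move_commands(rules, src, dst):
    """Commands to move the rule shown at position src to position dst."""
    by_pos = {r["pos"]: r for r in rules}
    if src not in by_pos or not 1 <= dst <= len(rules):
        raise ValueError("position out of range")
    r = by_pos[src]
    return [f"no nat {r['ifc']} {r['body']}",
            f"nat {r['ifc']} {dst} {r['body']}"]


def order_matches(before, after, src, dst):
    """True if 'after' is 'before' with the rule at src moved to dst."""
    expected = [(r["ifc"], r["body"]) for r in sorted(before, key=lambda r: r["pos"])]
    expected.insert(dst - 1, expected.pop(src - 1))
    return expected == [(r["ifc"], r["body"]) for r in sorted(after, key=lambda r: r["pos"])]
```

The rule is absent from the configuration between the two generated commands, so capture "show nat" again afterwards and run it through order_matches before relying on the new order.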
