09-25-2010 04:26 AM - edited 03-11-2019 11:45 AM
Hi,
I have a doubt regarding the order of NAT in 8.3. In the Cisco documentation, at one place it says that the order is
–Network object NAT—Automatically ordered in the NAT table.
–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634
But in another place in table the order is like:
Section 1 - Twice NAT
Section 2 - Network object NAT
Section 3 - Twice NAT configured in section 3
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157
Could anyone please clarify this?
Thank you
09-25-2010 04:29 AM
Hi Sony,
Yes, the documentation is correct.
The NAT order of operation is:
Section 1 - Twice NAT
Section 2 - Network object NAT
Section 3 - Twice NAT configured in section 3
However, within Section 2 itself - Network object NAT - the operation is automatically ordered in the NAT table.
Hope that makes sense.
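The three-section order described in this answer, modelled as an added example that is not part of the original thread or Cisco's code. The rule names and addresses are constructed, the Section 2 tie-breakers (static before dynamic, fewest real addresses, lowest address, object name) are taken from Cisco's NAT rule order documentation rather than from this thread, and matching is simplified to the source address only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str             # hypothetical label for the rule
    section: int          # 1 = twice NAT, 2 = network object NAT, 3 = twice NAT (after-auto)
    real: str             # real source network in CIDR form
    static: bool = False  # only used for Section 2 automatic ordering
    line: int = 0         # configured position, only used in Sections 1 and 3

def sort_key(rule):
    if rule.section == 2:
        net = ip_network(rule.real)
        # Automatic order inside Section 2 (assumed from Cisco's docs):
        # static before dynamic, fewest real addresses, lowest address, name.
        return (2, not rule.static, net.num_addresses,
                int(net.network_address), rule.name)
    # Sections 1 and 3 keep the order the administrator configured.
    return (rule.section, rule.line)

def nat_table(rules):
    """Return the rules in the order the NAT table evaluates them."""
    return sorted(rules, key=sort_key)

def first_match(rules, src):
    """Name of the first rule whose real network contains src, or None."""
    addr = ip_address(src)
    for rule in nat_table(rules):
        if addr in ip_network(rule.real):
            return rule.name
    return None

# Constructed sample rules, deliberately listed out of order.
RULES = [
    Rule("after-auto-pat", 3, "10.0.0.0/8", line=1),
    Rule("obj-inside-pat", 2, "10.1.0.0/16"),
    Rule("obj-web-static", 2, "10.1.1.10/32", static=True),
    Rule("obj-dmz-pat", 2, "10.1.1.0/24"),
    Rule("twice-vpn-exempt", 1, "10.1.2.0/24", line=1),
]

if __name__ == "__main__":
    for r in nat_table(RULES):
        print(r.section, r.name, r.real)
```

A host in 10.1.2.0/24 hits the Section 1 twice NAT rule even though a Section 2 object rule also covers it, which is the practical consequence of the order confirmed above.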
09-25-2010 04:40 AM
Hi halijenn,
Thanks for the reply. So the first one (shown below) is incorrect, right?
–Network object NAT—Automatically ordered in the NAT table.
–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634
Thanks
Sony
09-25-2010 04:47 AM
Yes, you are absolutely right. The Twice NAT section 1 should come first before Network object NAT, as per the following:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157
09-25-2010 04:48 AM
I think what the document means to say (for that particular section of Order of NAT rules) is to use "Network object NAT" first whenever possible, and only use "Twice NAT" if you can't configure it via "Network object NAT".
09-25-2010 05:10 AM
Thanks halijenn, I think the documentation is a bit confusing. I would appreciate it if you could inform the documentation people about this.