Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

8.3 order of nat

Hi,

I have a doubt regarding order of nat in 8.3. In cisco documentation at one place it says that order is


–Network object NAT—Automatically ordered in the NAT table.

–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634

But in another place in table the order is like:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

Could anyone please clarify on this ?

Thank you

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 8.3 order of nat

Hi Sony,

Yes, the documentation is correct.

The NAT order of operation is:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

However, within Section 2 itself - Network object NAT - the operation is automatically ordered in the NAT table.

Hope that makes sense.

5 REPLIES
Cisco Employee

Re: 8.3 order of nat

Hi Sony,

Yes, the documentation is correct.

The NAT order of operation is:

Section 1 - Twice NAT

Section 2 - Network object NAT

Section 3 - Twice NAT configured in section 3

However, within Section 2 itself - Network object NAT - the operation is automatically ordered in the NAT table.

Hope that makes sense.

Community Member

Re: 8.3 order of nat

Hi halijenn,

Thanks for the reply, so the first one (shown below) is incorrect. right ?

–Network object NAT—Automatically ordered in the NAT table.
–Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118634

Thanks

Sony

Cisco Employee

Re: 8.3 order of nat

Yes, you are absolutely right. The Twice NAT section 1 should come first before Network object NAT, as per the following:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

Cisco Employee

Re: 8.3 order of nat

I think what the document means to say is (for that particular section of Order of NAT rules) is to use "Network object NAT" first whenever possible, and only use "Twice NAT" if you can't configure it via "Network object NAT".

Community Member

Re: 8.3 order of nat

Thanks halijenn, i think the documentation is a bit confusing. I would appreciate if you could inform documentation people about this.

1336
Views
0
Helpful
5
Replies
CreatePlease to create content