change order of nat rules (v8.4)

Hi,

I have a question about the new nat implementation in an ASA 8.4.

When I perform a "show nat" I get the following result:

1 (outside) to (inside) source dynamic any NAT-SSL-VPN_172.30.100.250 destination static 00B_172.30.100.0_24 00B_172.30.100.0_24

    translate_hits = 26, untranslate_hits = 0

2 (inside) to (outside) source static LAN-HOST_172.30.100.11_LNX01 WAN-HOST_84.199.44.2_32_LNX01 service TCP-80-HTTP TCP-80-HTTP

    translate_hits = 0, untranslate_hits = 0

My question is now: Is it possible to change the order of the nat rules without removing and reapplying the rule on position 1?

(both rules have to stay in section 1)

Thanks

raf


Hi Raf,

In 8.4 they are divided into two sections, Section 1 and Section 2

Section 1 is Manual Nat Translations

Section 2 is Auto-Nat Translations

manual nat is hit first in the order of search and then Manual Nat.

If you want to change the order of nat in the Section 1, then you can use the following:

nat (inside,outside) 1 source static any interface

and

If you want a Manual Nat statement to be hit after the auto nat in section 2, then you add the keyword after-auto to it.

nat (inside,outside) after-auto source static any interface

So now that particular nat statement would be hit after the section 2.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
hi varun,

Thanks for your answer, but what I need to know is if you have already a few nat rules configured but you need to change the order of the rules (all in section 1, so no section 2 or 3). Is it possible to change the order of the rules that are already configured?

thanks

raf

Accepted Solution

Hi raf,

Without deleting the existing nat rule, just re-enter it with the preference order and they would be re-arranged in your nat sections.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
Hi,

I tried it with the preference value and it doesn't change the position. I wanted to rearrange the rule but it keeps holding its original position.
