14676 Views | 15 Helpful | 21 Replies

cisco asa traffic flow with destination nat

secureIT
Level 4

Hi Folks,

Can anybody comment on the below?

1. In source NATting (inside users accessing the Internet), first the NAT happens, then the routing. I agree with this.

2. In destination NATting (outside users accessing an inside server on a public IP), what happens first, NATting or routing? I am looking forward to hearing an explanation.

regards

Rajesh

21 Replies

Anthony.Herman
Level 1

5 is matching the rule prior to inspection.

6 is applying inspection

7 is modifying IP addressing per NAT rule.


Sent from Cisco Technical Support Android App

OK, so is it that 5 says: check the source and destination against the NAT rules, but don't apply them,

and 7 says: apply the NAT translation for source/destination?

Is that what they are trying to convey?

Hi,

It would seem logical to me, at least.

Though it still leaves me with a question about the L3 lookup.

The document seems to state that the translation will determine the egress interface. Yet if I have configured Dynamic PAT from one LAN interface to 2x WAN interfaces, then the active default route determines which Dynamic PAT is applied.

So this kind of confuses me still.

- Jouni

Anthony.Herman
Level 1

5 would be checking to see if a NAT rule exists in the config PRIOR to translation, to reduce overhead I would assume. There is no point in performing inspection and afterwards dropping the traffic.

6 is applying inspection engines (MPF).

7 is THEN applying the translation (rewriting IP headers).

I'm not sure where the confusion is here, all connections should be understood from the Ingress > Egress standpoint. The picture under the heading ASA Packet Process Algorithm explains it beautifully on http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9d00.shtml

Hi,

I am just wondering about the following simple example (I ignored the typical "track" and "sla" configuration that would normally be used in this situation to have automatic failover of the default route between the ISPs).

interface GigabitEthernet0/0
 nameif ISP-1
 security-level 0
 ip address 1.1.1.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif ISP-2
 security-level 0
 ip address 2.2.2.2 255.255.255.248
!
interface GigabitEthernet0/2
 nameif LAN
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! Primary default route via ISP-1 (metric 1), backup via ISP-2 (metric 254)
route ISP-1 0.0.0.0 0.0.0.0 1.1.1.1 1
route ISP-2 0.0.0.0 0.0.0.0 2.2.2.1 254
!
! Dynamic PAT to the interface address on either WAN interface
global (ISP-1) 1 interface
global (ISP-2) 1 interface
! The nat statement must reference the nameif of the inside interface (LAN here)
nat (LAN) 1 10.10.10.0 255.255.255.0

So if we look at the document, it makes no mention of any L3 lookup except after applying the NAT configurations. In the above situation I would imagine there is a NAT that could apply for the LAN network in the direction of either ISP-1 or ISP-2.

So which ISP interface's NAT configuration is applied if no egress interface decision has been made according to the routing table?

And if the routing table does not affect the NAT chosen, how exactly is the NAT chosen between the above two possibilities?

- Jouni

Hi Anthony,

We were discussing the Destination-NAT traffic flow vs. Source-NAT.

In Source-NAT, as per the link you provided, NAT happens before routing. What about Destination-NAT?

regards

Rajesh. P
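The two questions above (which of the two ISP PATs applies to an outbound LAN flow, and whether destination NAT or routing comes first for an inbound flow) are easier to reason about with a small model of the order of operations. The following Python is an added illustration, not code from the thread or from Cisco: it models Jouni's configuration as data, and encodes two assumptions stated here rather than on the page. For outbound Dynamic PAT it assumes what Jouni observes in practice, that the route lookup picks the egress interface and the global for that interface is then used. For inbound traffic it assumes the linked packet-flow ordering, that the mapped destination is untranslated before the L3 lookup, so the route lookup runs on the real address. The static entry (1.1.1.3 -> 10.10.10.50), the sample client addresses and the isp1_down helper are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed, simplified model of the ASA order of operations discussed in the
# thread. It is an illustration of the reasoning, not the ASA's real code path.


@dataclass
class Route:
    iface: str                      # egress nameif
    prefix: ipaddress.IPv4Network   # destination prefix
    next_hop: str                   # next hop or "connected"
    metric: int                     # administrative distance / metric


@dataclass
class Asa:
    iface_addr: dict    # nameif -> interface IP (target of "global (x) 1 interface")
    routes: list        # routing table
    pat_ifaces: set     # interfaces with "global (iface) 1 interface"
    nat_inside: tuple   # (nameif, network) from "nat (LAN) 1 10.10.10.0 255.255.255.0"
    statics: dict       # mapped (public) IP -> real IP, i.e. destination NAT (constructed)

    def route_lookup(self, dst):
        """Longest-prefix match; among equal prefixes the lowest metric wins,
        which is how the metric-1 and metric-254 default routes behave."""
        dst = ipaddress.IPv4Address(dst)
        candidates = [r for r in self.routes if dst in r.prefix]
        if not candidates:
            return None
        return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))

    def outbound(self, src, dst):
        """Source PAT (assumed order): route lookup chooses the egress interface,
        then the global tied to that interface rewrites the source address."""
        _inside_if, inside_net = self.nat_inside
        if ipaddress.IPv4Address(src) not in inside_net:
            return None                 # not covered by the nat statement
        route = self.route_lookup(dst)
        if route is None or route.iface not in self.pat_ifaces:
            return None                 # no route, or no global on the egress interface
        return {"egress": route.iface,
                "src_after_nat": self.iface_addr[route.iface],
                "dst": dst}

    def inbound(self, src, dst_public):
        """Destination NAT (assumed order): untranslate the mapped address first,
        then run the route lookup on the real address to find the egress."""
        real = self.statics.get(dst_public)
        if real is None:
            return None                 # no static for this public address
        route = self.route_lookup(real)
        if route is None:
            return None
        return {"src": src, "dst_after_untranslate": real, "egress": route.iface}


def build_asa():
    """Jouni's interfaces, routes and PAT, plus one constructed static entry."""
    net = ipaddress.ip_network
    return Asa(
        iface_addr={"ISP-1": "1.1.1.2", "ISP-2": "2.2.2.2", "LAN": "10.10.10.1"},
        routes=[
            Route("ISP-1", net("1.1.1.0/29"), "connected", 0),
            Route("ISP-2", net("2.2.2.0/29"), "connected", 0),
            Route("LAN", net("10.10.10.0/24"), "connected", 0),
            Route("ISP-1", net("0.0.0.0/0"), "1.1.1.1", 1),      # primary default
            Route("ISP-2", net("0.0.0.0/0"), "2.2.2.1", 254),    # backup default
        ],
        pat_ifaces={"ISP-1", "ISP-2"},
        nat_inside=("LAN", net("10.10.10.0/24")),
        statics={"1.1.1.3": "10.10.10.50"},   # constructed: static (LAN,ISP-1) 1.1.1.3 10.10.10.50
    )


def isp1_down(asa):
    """Withdraw the ISP-1 default route, as sla/track would when ISP-1 fails."""
    asa.routes = [r for r in asa.routes
                  if not (r.iface == "ISP-1" and r.prefix.prefixlen == 0)]
    return asa


if __name__ == "__main__":
    asa = build_asa()
    print(asa.outbound("10.10.10.25", "198.51.100.7"))       # egress ISP-1, src 1.1.1.2
    print(isp1_down(build_asa()).outbound("10.10.10.25", "198.51.100.7"))  # ISP-2, 2.2.2.2
    print(asa.inbound("203.0.113.9", "1.1.1.3"))             # real 10.10.10.50, egress LAN
```

Running it shows the point of Jouni's observation: the PAT applied to an outbound flow changes only because the routing table changed, while for the inbound flow the egress interface (LAN) can only be found after the destination has been untranslated to the real address.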

Anthony.Herman
Level 1

Thanks Jay, very interesting breakdown.


Sent from Cisco Technical Support Android App
