Yes, the above configuration achieves a NAT0 type configuration in the new 8.3+ ASA softwares.
In the 8.2 and older softwares we used an ACL to tell the ASA between which networks there should be no translation to the source address.
The above configuration could correspond to the following on the 8.2 software
access-list INSIDE-NAT0 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list INSIDE-NAT0
And as you have already mentioned the 8.3+ format is
object network one
subnet 10.1.1.0 255.255.255.0
object network two
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static one one destination static two two
In the new format you see the same things as you saw in the older format using ACL. It tells between which interfaces this NAT applies. It also tells between which source and destination networks this applies.
Now lets look at the above "nat" statement in all of its parts
nat = Is the actual command which starts the NAT configuration whatever NAT you were configuring
inside = Is the source interface for the NAT as its mentioned first
outside = Is the destination interface for the NAT its mentioned second
source = Simply specifies that the source parameters for this NAT configuration will follow
static = Defines that were doing a Static type of NAT
one = Defines the real source network
one = Defines the mapped source network
destination = Simply specifies that the destination parameters for this NAT configuration will follow
static = Defines that the destination is static. It can only be static
two = Defines the mapped destination network
two = Defines the real destination network
And the key things to notice from the configuration.
Both source and destination real and mapped networks are the same. This means that the source network and destination network should stay unchanged. So in essence we are doing NAT0.
When we add the "destination static
I am not really sure if I explained the above in the best way I could. Hope it makes any sense
Traffic is going between "inside" and "outside" interface
Traffic is coming from behind "inside" from the real source network "one" to mapped destination network "two"
Traffic is coming from behind "outside" from the real destination network "two" to mapped source network "one"
The latter 2 points above just indicate which section of the "nat" configuration is matched against the traffic depending behind which interface the traffic is coming from.
Yes, the above configuration achieves a NAT0 type configuration in the new 8.3+ ASA softwares.
In the 8.2 and older softwares we used an ACL to tell the ASA between which networks there should be no translation to the source address.
The above configuration could correspond to the following on the 8.2 software
access-list INSIDE-NAT0 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list INSIDE-NAT0
And as you have already mentioned the 8.3+ format is
object network one
subnet 10.1.1.0 255.255.255.0
object network two
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static one one destination static two two
In the new format you see the same things as you saw in the older format using ACL. It tells between which interfaces this NAT applies. It also tells between which source and destination networks this applies.
Now lets look at the above "nat" statement in all of its parts
nat = Is the actual command which starts the NAT configuration whatever NAT you were configuring
inside = Is the source interface for the NAT as its mentioned first
outside = Is the destination interface for the NAT its mentioned second
source = Simply specifies that the source parameters for this NAT configuration will follow
static = Defines that were doing a Static type of NAT
one = Defines the real source network
one = Defines the mapped source network
destination = Simply specifies that the destination parameters for this NAT configuration will follow
static = Defines that the destination is static. It can only be static
two = Defines the mapped destination network
two = Defines the real destination network
And the key things to notice from the configuration.
Both source and destination real and mapped networks are the same. This means that the source network and destination network should stay unchanged. So in essence we are doing NAT0.
When we add the "destination static
I am not really sure if I explained the above in the best way I could. Hope it makes any sense
Traffic is going between "inside" and "outside" interface
Traffic is coming from behind "inside" from the real source network "one" to mapped destination network "two"
Traffic is coming from behind "outside" from the real destination network "two" to mapped source network "one"
The latter 2 points above just indicate which section of the "nat" configuration is matched against the traffic depending behind which interface the traffic is coming from.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
