New Member

nat(inside,outside) real mapped,mapped real

Hi Everyone,

Normally when we do a static map from inside to outside, or dynamic NAT using a range of IPs, we use

nat(inside,outside) real source mapped source mapped destination real destination.

Need to know when we will use the order below

nat(inside,outside) real source mapped source real destination mapped destination?

Also, if I have the below config

nat (inside,outside) after-auto source dynamic inside_net inside_natted destination static Partnet_internal Out_natted

and I put interface just before the destination, what will it mean then?

nat (inside,outside) after-auto source dynamic inside_net inside_natted interface destination static Partnet_internal Out_natted

Regards

MAhesh

Accepted Solutions
Super Bronze

Hi Mahesh,

To my understanding, the ordering of the Real/Mapped sections of the NAT commands never changes in any format.

It should always be

nat (sourceint,destinationint) source destination static

The "nat" configuration with the added "interface" parameter, to my understanding, makes it so that if the addresses under "inside_natted" run out, then the "interface" IP address will be used. I can't see what is configured under "inside_natted" though; it might be a range of addresses or a single address.

- Jouni

Super Bronze

Hi,

Let's take this example of the mentioned configuration format

object network LAN
 subnet 10.10.10.0 255.255.255.0
object network NAT-POOL
 range 1.1.1.1 1.1.1.2
object network REMOTE-NETWORK
 subnet 3.3.3.0 255.255.255.0

nat (inside,outside) after-auto source dynamic LAN NAT-POOL interface destination static REMOTE-NETWORK REMOTE-NETWORK

What the above NAT configuration basically does is

  • It performs Dynamic NAT+PAT between the "inside" and "outside" interfaces
  • It performs this translation only when the source network is "LAN" and the destination is "REMOTE-NETWORK"
  • It will first use the IP addresses from "NAT-POOL" for users on the "LAN". So after 2 different hosts from subnet 10.10.10.0/24 have initiated a connection and gotten a translation on the ASA, the pool is out of IP addresses. After this happens the next host that connects to "REMOTE-NETWORK" will use the "interface" IP address of "outside" interface for Dynamic PAT translation.

So in your case with the below configuration

nat (inside,outside) after-auto source dynamic inside_net inside_natted  interface  destination static Partnet_internal Out_natted

The hosts on the "inside_net" would be NATed to the NAT Pool of "inside_natted" until that NAT Pool runs out. After it runs out the remaining hosts that initiate connections that match this NAT rule will use the "outside" interface IP address as a Dynamic PAT address as is specified by the parameter "interface" that you have added.

- Jouni
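
The pool-then-interface behaviour described in the answer above, as a simplified Python model (an added example, not part of the original thread and not Cisco code). The class name, the outside interface address 192.0.2.1 and the PAT port numbering starting at 1024 are assumptions made for illustration; xlate timeouts are not modelled.

```python
import ipaddress

class TwiceNatRule:
    """Model of: source dynamic LAN NAT-POOL interface
    destination static REMOTE-NETWORK REMOTE-NETWORK (hypothetical helper)."""

    def __init__(self, real_src, pool_first, pool_last, iface_ip, dst_net):
        self.real_src = ipaddress.ip_network(real_src)
        self.dst_net = ipaddress.ip_network(dst_net)
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        self.free = [ipaddress.ip_address(i) for i in range(first, last + 1)]
        self.iface_ip = ipaddress.ip_address(iface_ip)  # assumed outside IP
        self.nat_xlate = {}    # real host -> pool address (one-to-one NAT)
        self.pat_xlate = {}    # (real host, real port) -> port on interface IP
        self.next_port = 1024  # simplified PAT port allocation

    def translate(self, src, sport, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # The rule only matches LAN -> REMOTE-NETWORK traffic.
        if src not in self.real_src or dst not in self.dst_net:
            return None
        # A host that already holds a pool address keeps it.
        if src not in self.nat_xlate and self.free:
            self.nat_xlate[src] = self.free.pop(0)
        if src in self.nat_xlate:
            return ("nat", str(self.nat_xlate[src]), sport)
        # Pool exhausted: fall back to PAT on the outside interface address.
        key = (src, sport)
        if key not in self.pat_xlate:
            self.pat_xlate[key] = self.next_port
            self.next_port += 1
        return ("pat", str(self.iface_ip), self.pat_xlate[key])

def demo():
    # Constructed flows using the objects from the answer above.
    rule = TwiceNatRule("10.10.10.0/24", "1.1.1.1", "1.1.1.2",
                        "192.0.2.1", "3.3.3.0/24")
    flows = [
        ("10.10.10.5", 40000, "3.3.3.10"),  # first host, takes 1.1.1.1
        ("10.10.10.6", 40001, "3.3.3.10"),  # second host, takes 1.1.1.2
        ("10.10.10.7", 40002, "3.3.3.10"),  # pool empty, interface PAT
        ("10.10.10.5", 40003, "3.3.3.20"),  # first host keeps its pool address
        ("10.10.10.8", 40004, "8.8.8.8"),   # destination outside the rule
    ]
    return [rule.translate(*f) for f in flows]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Once the fallback is in use, several inside hosts share one mapped address toward the remote network, so attributing a flow to a host requires the translated port as well as the address.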

4 REPLIES
New Member

Hi Jouni,

Inside_natted has a range of IP addresses.

When you say interface IP address to use, does it mean that it will use the outside interface IP address?

Regards

MAhesh

New Member

Hi Jouni,

I will need some time and practice to go through these replies.

Best Regards

MAhesh
