Cisco Support Community
New Member

nat (inside,outside) source dynamic any interface

Hi Everyone,

Does the config below

ASA1(config)# nat (inside,outside) source dynamic any interface

do PAT when the source is any IP from the inside interface of the ASA and going to any destination IP address?

Regards

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

nat (inside,outside) source dynamic any interface

Hi Mahesh,

Yes, that NAT configuration would essentially do Dynamic PAT for any host behind the "inside" interface towards any destination address routed behind the "outside" interface, using the PAT IP address of the "outside" interface.

I would however suggest configuring the same NAT configuration by adding the "after-auto" parameter:

nat (inside,outside) after-auto source dynamic any interface

What the "after-auto" parameter does is that it moves the NAT rule to the very end of the NAT rules. It will be one of the last NAT rules matched against a new connection coming from behind "inside".

If we configured the Dynamic PAT the way you mentioned, there might be a possibility that it would override other NAT rules either now or in the future because it is at such a high priority.

- Jouni
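
The rule ordering described in the answer above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of the ASA (8.3 and later) NAT lookup order for new outbound connections, showing how the PAT rule without "after-auto" takes over a host that has its own static object NAT. The server address 10.1.1.10, its mapped address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): ASA 8.3+ NAT lookup for new outbound
# connections on one (inside,outside) pair, matching on source address only.
#   section 1: manual NAT, in configured order
#   section 2: auto (object) NAT, static before dynamic, most specific first
#   section 3: manual NAT configured with "after-auto", in configured order

def rule(section, kind, real, mapped, seq=0):
    return {"section": section, "kind": kind, "seq": seq,
            "real": ipaddress.ip_network(real), "mapped": mapped}

def lookup_order(rules):
    def key(r):
        if r["section"] == 2:
            return (2, 0 if r["kind"] == "static" else 1, -r["real"].prefixlen)
        return (r["section"], r["seq"], 0)
    return sorted(rules, key=key)

def translate(rules, src):
    """Return the first rule in lookup order whose real network contains src."""
    ip = ipaddress.ip_address(src)
    return next((r for r in lookup_order(rules) if ip in r["real"]), None)

def shadowed(rules):
    """Rules whose real network is fully covered by an earlier rule."""
    ordered = lookup_order(rules)
    return [r for i, r in enumerate(ordered)
            if any(r["real"].subnet_of(e["real"]) for e in ordered[:i])]

# Constructed sample: a server with a static object NAT plus the PAT rule.
SERVER = rule(2, "static", "10.1.1.10/32", "203.0.113.10")
AS_ASKED = [SERVER, rule(1, "dynamic", "0.0.0.0/0", "interface")]    # no after-auto
AFTER_AUTO = [SERVER, rule(3, "dynamic", "0.0.0.0/0", "interface")]  # after-auto

if __name__ == "__main__":
    for name, table in (("section 1", AS_ASKED), ("after-auto", AFTER_AUTO)):
        hit = translate(table, "10.1.1.10")
        print(name, "-> server leaves as", hit["mapped"],
              "| shadowed rules:", len(shadowed(table)))
```

On a real device, "show nat" lists the rules grouped by section, which is the place to confirm where a manual rule landed.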

3 REPLIES
New Member

nat (inside,outside) source dynamic any interface

Best Regards

Mahesh

New Member

Hi Everyone,

I have the same problem of configuring PAT on the new Cisco firewall. In addition to the ASA1(config)# nat (inside,outside) source dynamic any interface command, is any ACL statement required to allow the inside network?

Best Regards!
