nat (inside,outside) static 200.x.x.x

mahesh18
Level 6

Hi Everyone,

Say we have a webserver which has an internal IP of 172.16.10.10

If we need outside users from the internet to access the webserver on IP, say, 200.x.x.x

We can config the NAT as below also

nat (inside,outside) static 200.x.x.x

Regards

Mahesh


Jouni Forss
VIP Alumni

Hi Mahesh,

I would usually configure a normal Static NAT as Network Object NAT.

You first configure an "object network " under which you configure the source IP for the NAT configuration with the "host" command. Finally you enter the "nat" command inside/under the "object network ".

object network STATIC
 host 172.16.10.10
 nat (inside,outside) static 200.x.x.x

Depending on how the rest of the NAT configuration is built, some other NAT rule might override this, but personally I have not had a problem with configuring Static NAT this way.

You also have an option to configure the NAT in the following way

object network SERVER-REAL
 host 172.16.10.10
object network SERVER-MAPPED
 host 200.x.x.x
nat (inside,outside) source static SERVER-REAL SERVER-MAPPED

As you can see the difference from the first way I mentioned is the fact that we use Manual NAT / Twice NAT to configure this Static NAT. We create 2 "object network " which define the real and the mapped IP address. We then use those objects in the actual "nat" configuration.

The difference with the above 2 NAT configurations is that the Network Object NAT is at a lower priority in the ASA NAT rules compared to the above Manual NAT.

- Jouni
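
Added example (not part of the posts above and not Cisco code): a small Python audit sketch that sorts the NAT rules of a pasted config into ASA evaluation order and reports which rule translates traffic sourced from a given real address, so a Manual NAT that overrides a Network Object NAT is easy to spot. It goes slightly beyond the thread by also handling "after-auto" (Section 3) and the ordering inside Section 2. Assumptions: the function names are hypothetical, the sample config is constructed, 203.0.113.x stands in for the masked 200.x.x.x, and only rules whose real side is a host/subnet object are handled.

```python
import ipaddress

# Constructed config: the thread's two variants, mapped to different addresses.
SAMPLE = """\
object network SERVER-REAL
 host 172.16.10.10
object network SERVER-MAPPED
 host 203.0.113.20
object network STATIC
 host 172.16.10.10
 nat (inside,outside) static 203.0.113.10
nat (inside,outside) source static SERVER-REAL SERVER-MAPPED
"""

def parse(config):
    """Return (objects, rules); a rule is (section, kind, real_object, order, text)."""
    objects, rules, current = {}, [], None
    for order, line in enumerate(config.splitlines()):
        words, nested = line.split(), line.startswith(" ")
        if words[:2] == ["object", "network"]:
            current = words[2]
        elif nested and words[:1] in (["host"], ["subnet"]):
            objects[current] = ipaddress.ip_network("/".join(words[1:]))
        elif nested and words[:1] == ["nat"]:
            # Auto NAT (Network Object NAT) always lands in Section 2.
            rules.append((2, words[2], current, order, line.strip()))
        elif words[:1] == ["nat"]:
            # Manual NAT is Section 1, or Section 3 when marked after-auto.
            i = words.index("source")
            section = 3 if "after-auto" in words else 1
            rules.append((section, words[i + 1], words[i + 2], order, line.strip()))
    return objects, rules

def evaluation_order(config):
    """Sort rules the way the ASA evaluates them: Section 1, then 2, then 3."""
    objects, rules = parse(config)
    def key(rule):
        section, kind, real, order, _ = rule
        if section != 2:
            return (section, order)  # manual rules keep configuration order
        net = objects[real]
        # Auto NAT: static before dynamic, fewest real addresses, lowest IP, name.
        return (section, kind != "static", net.num_addresses, int(net.network_address), real)
    return objects, sorted(rules, key=key)

def first_match(config, real_ip):
    """Text of the first rule translating traffic sourced from real_ip, or None."""
    objects, ordered = evaluation_order(config)
    ip = ipaddress.ip_address(real_ip)
    return next((text for _, _, real, _, text in ordered
                 if real in objects and ip in objects[real]), None)
```

On the sample, first_match(SAMPLE, "172.16.10.10") returns the Manual NAT line, so the server leaves as 203.0.113.20 even though the object rule maps it to 203.0.113.10.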

Hi Jouni,

So the first example was of Auto NAT and the second was Manual NAT, right?

Regards

Mahesh

Hi,

I guess those are the terms/names the ASA itself uses when you use the "show nat" or "show nat detail" commands.

So yes, the first one is an Auto NAT example and the second one is a Manual NAT example.

Both achieve the same but the Manual NAT is higher priority NAT rule than the Auto NAT rule.

I have personally gotten used to calling them Network Object NAT and Manual NAT/Twice NAT.

- Jouni

Many thanks, Jouni, again.

Learning the ASA world bit by bit with your help and this forum.

Best regards

Mahesh
