Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

nat (inside,outside) static 200.x.x.x

Hi Everyone,

Say we have webserver which has internal IP of 172.16.10.10

If we need outside users from internet who need to access the webserver on IP say  200.x.x.x

We can config the NAT as below also

nat (inside,outside) static 200.x.x.x

Regards

Mahesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

nat (inside,outside) static 200.x.x.x

Hi Mahesh,

I would usually configure a normal Static NAT as Network Object NAT

You first configure a "object network " under which you configure the source IP for the NAT configuration with the "host" command. Finally you enter the "nat" command inside/under the "object network ".

object network STATIC

host 172.16.10.10

nat (inside,outside) static 200.x.x.x

Depending on how the rest of the NAT configuration is built, some other NAT rule might override this but personally I have not had problem with configuring Static NAT this way.

You also have an option to configure the NAT in the following way

object network SERVER-REAL

host 172.16.10.10

object network SERVER-MAPPED

host 200.x.x.x

nat (inside,outside) source static SERVER-REAL SERVER-MAPPED

As you can see the difference from the first way I mentioned is the fact that we use Manual NAT / Twice NAT to configure this Static NAT. We create 2 "object network " which define the real and the mapped IP address. We then use those objects in the actual "nat" configuration.

The difference with the above 2 NAT configurations is that the Network Object NAT s on lower priorty in the ASA NAT rules compared to the above Manual NAT.

- Jouni

Super Bronze

nat (inside,outside) static 200.x.x.x

Hi,

I guess those are the terms/names the ASA itself uses when you use the "show nat" or "show nat detail" commands

So yes, the first one is a Auto NAT example and the second one is a Manual NAT example.

Both achieve the same but the Manual NAT is higher priority NAT rule than the Auto NAT rule.

I have personally gotten used to calling them Network Object NAT and Manual NAT/Twice NAT.

- Jouni

4 REPLIES
Super Bronze

nat (inside,outside) static 200.x.x.x

Hi Mahesh,

I would usually configure a normal Static NAT as Network Object NAT

You first configure a "object network " under which you configure the source IP for the NAT configuration with the "host" command. Finally you enter the "nat" command inside/under the "object network ".

object network STATIC

host 172.16.10.10

nat (inside,outside) static 200.x.x.x

Depending on how the rest of the NAT configuration is built, some other NAT rule might override this but personally I have not had problem with configuring Static NAT this way.

You also have an option to configure the NAT in the following way

object network SERVER-REAL

host 172.16.10.10

object network SERVER-MAPPED

host 200.x.x.x

nat (inside,outside) source static SERVER-REAL SERVER-MAPPED

As you can see the difference from the first way I mentioned is the fact that we use Manual NAT / Twice NAT to configure this Static NAT. We create 2 "object network " which define the real and the mapped IP address. We then use those objects in the actual "nat" configuration.

The difference with the above 2 NAT configurations is that the Network Object NAT s on lower priorty in the ASA NAT rules compared to the above Manual NAT.

- Jouni

New Member

nat (inside,outside) static 200.x.x.x

Hi jouni,

So first example was of Auto NAT  and second was Manual NAT  Right?

Regards

MAhesh

Super Bronze

nat (inside,outside) static 200.x.x.x

Hi,

I guess those are the terms/names the ASA itself uses when you use the "show nat" or "show nat detail" commands

So yes, the first one is a Auto NAT example and the second one is a Manual NAT example.

Both achieve the same but the Manual NAT is higher priority NAT rule than the Auto NAT rule.

I have personally gotten used to calling them Network Object NAT and Manual NAT/Twice NAT.

- Jouni

New Member

nat (inside,outside) static 200.x.x.x

MAny  thanks Jouni Again.

LEarning ASA  world bit by bit woth your help and this forum.

Best regards

MAhesh

352
Views
0
Helpful
4
Replies
CreatePlease to create content