Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT Interpretation

Hi gurus of Cisco.

Could you explain me please, what meaning this line:

!First Nat

global (outside) 101 36.161.215.110 netmask 255.255.255.255

nat (inside) 101 0.0.0.0 0.0.0.0

!Seconf Nat

nat (WAN-Inside) 0 access-list WAN-Inside_nat0_outbound

nat (inside) 0 access-list inside_nat0_outbound

!Static NAT

static (inside,outside) 36.161.215.115 10.29.12.250 netmask 255.255.255.255

The First NAT meaning, everything from the inside network NAT to this IP address 36.161.215.110

The Static NAT, Nat this private address 10.29.12.250, to this public address 36.161.215.115

Could any specialist help me to interpretate the second nat?

Any othe comment is welcome.

Regards

Andres


1 REPLY
Super Bronze

NAT Interpretation

Hi,

As you say the NAT configurations are as follows

1.) The "global" and "nat" configurations define a Dynamic PAT configuration. The firewall will accept any source address behind "inside" interface and will NAT them to PAT IP address 36.161.215.110 when they are connecting to a network behind "outside"

2.) The "static" configuration defines a Static NAT for a single host. This Static NAT overrides the earlier Dynamic PAT. It means that the local host defined in the Static NAT configuration will always use this NAT IP address towards the networks behind "outside" interface UNLESS a NAT0 configuration or Static Policy NAT overrides it.

3.) The "nat" configurations using the ID 0 are NAT0 / NAT Exempt configurations. The "access-list" used in the configuration define the situation where NO NAT is performed for the traffic. The "access-list" defines the source network/host and destination network/host for the situation when there is NO NAT performed

So in the above cases the "access-list" configurations will tell you when traffic from behind those interface will NOT be NATed.

Hope this clarifies things

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed.

- Jouni

93
Views
0
Helpful
1
Replies