Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT Interpretation

Hi gurus of Cisco.

Could you explain me please, what meaning this line:

!First Nat

global (outside) 101 netmask

nat (inside) 101

!Seconf Nat

nat (WAN-Inside) 0 access-list WAN-Inside_nat0_outbound

nat (inside) 0 access-list inside_nat0_outbound

!Static NAT

static (inside,outside) netmask

The First NAT meaning, everything from the inside network NAT to this IP address

The Static NAT, Nat this private address, to this public address

Could any specialist help me to interpretate the second nat?

Any othe comment is welcome.



Super Bronze

NAT Interpretation


As you say the NAT configurations are as follows

1.) The "global" and "nat" configurations define a Dynamic PAT configuration. The firewall will accept any source address behind "inside" interface and will NAT them to PAT IP address when they are connecting to a network behind "outside"

2.) The "static" configuration defines a Static NAT for a single host. This Static NAT overrides the earlier Dynamic PAT. It means that the local host defined in the Static NAT configuration will always use this NAT IP address towards the networks behind "outside" interface UNLESS a NAT0 configuration or Static Policy NAT overrides it.

3.) The "nat" configurations using the ID 0 are NAT0 / NAT Exempt configurations. The "access-list" used in the configuration define the situation where NO NAT is performed for the traffic. The "access-list" defines the source network/host and destination network/host for the situation when there is NO NAT performed

So in the above cases the "access-list" configurations will tell you when traffic from behind those interface will NOT be NATed.

Hope this clarifies things

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed.

- Jouni