Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1387
Views
0
Helpful
3
Replies

NAT packet flow?

Go to solution
abhi-adte
Level 1
Level 1

‎01-10-2012 05:45 AM - edited ‎03-11-2019 03:12 PM

Hi,

Today I confuse about the packet flow in NAT bi-direction and Uni-direction nat?

Can some one please briefly explain how its work this technology or please share if possible any document?

Thanks,

Abhinay

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to abhi-adte

‎01-10-2012 10:39 AM

If the nat rule is bi-directional both end-point can innitiate the connection, if its uniderectional only the host on the higher security level can start the connection unless the nat statements its an outside nat.

Example of bi-directional:

Static (inside,outside) x.x.x.x y.y.y.y

Connection can be started on the outside, you will need an ACL as te connection will come from the lower security level.

Example of uniderectional.

nat (inside) 1 0 0

global (outside) 1 interface

Let me know if this helps.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
varrao
Level 10
Level 10

‎01-10-2012 05:55 AM

Can you be a bit more specific, what differnce are you looking for in bi-directional nat or uni-directional nat????

Packet-flow on ASA is irrespective of the nat type, so can you explain it a bit more??

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
abhi-adte
Level 1
Level 1
In response to varrao

‎01-10-2012 06:12 AM

9just i want understand the difference on packet level (how traffic will transit from source to destination) ... if bi-directional my user initiate the traffic from out side then what happen it will drop or allow? if allow then how its enter in the network?

actully i got confusion because of Netscreen this boxes?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to abhi-adte

‎01-10-2012 10:39 AM

If the nat rule is bi-directional both end-point can innitiate the connection, if its uniderectional only the host on the higher security level can start the connection unless the nat statements its an outside nat.

Example of bi-directional:

Static (inside,outside) x.x.x.x y.y.y.y

Connection can be started on the outside, you will need an ACL as te connection will come from the lower security level.

Example of uniderectional.

nat (inside) 1 0 0

global (outside) 1 interface

Let me know if this helps.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card