Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Nat rules order in config asa 8.43

Hi does anyone know about the order in which the nat rules are displayed when doing a show run. Is this configurable? What I mean is when I do a show run using 8.43 I see the 8.4 version of dynamic policy nat rules listed first, then static nat rules, then finally regular Dynamic PAT rules, can this order be changed?

thank you in advance

Ed

  • Firewalling
Everyone's tags (5)
1 REPLY
Red

Nat rules order in config asa 8.43

Hi,

In 8.4 nat, there is nothing as dynamic policy nat rules ,  static nat rules,  regular Dynamic PAT rules. There are only two types of Nat rules, Manual Nat and auto nat. If you do "show run nat", you would see the manual nat section first and then the auto nat section, the order is first manual nat is hit, top to bottom and then it moves to auto nat top to bottom.

Its just that when you migrated the config, the software converted them into those syntax. Although you can right a nat statement in both way if you want, like:

object network obj-10.1.1.1

  host 10.1.1.1                                               ------------------------------> AUTO NAT

  nat (inside,outside) dynamic interface                    

nat (inside,outside) source static obj-10.1.1.1 interface                  -----------------------------> MANUAL NAT

So the order of preference ony depends upon whether you have configured auto or manual nat.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
748
Views
0
Helpful
1
Replies