Hi, does anyone know about the order in which the NAT rules are displayed when doing a show run? Is this configurable? What I mean is, when I do a show run using 8.43, I see the 8.4 version of dynamic policy NAT rules listed first, then static NAT rules, then finally regular Dynamic PAT rules. Can this order be changed?
In 8.4 NAT, there is no such thing as dynamic policy NAT rules, static NAT rules, or regular Dynamic PAT rules. There are only two types of NAT rules: manual NAT and auto NAT. If you do "show run nat", you would see the manual NAT section first and then the auto NAT section. The order is: first manual NAT is hit, top to bottom, and then it moves to auto NAT, top to bottom.
It's just that when you migrated the config, the software converted them into that syntax. Although you can write a NAT statement in both ways if you want, like:
object network obj-10.1.1.1
host 10.1.1.1 ------------------------------> AUTO NAT