Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1106
Views
0
Helpful
1
Replies

Nat rules order in config asa 8.43

ecohencohen
Level 1
Level 1

‎05-24-2012 11:13 AM - edited ‎03-11-2019 04:11 PM

Hi does anyone know about the order in which the nat rules are displayed when doing a show run. Is this configurable? What I mean is when I do a show run using 8.43 I see the 8.4 version of dynamic policy nat rules listed first, then static nat rules, then finally regular Dynamic PAT rules, can this order be changed?

thank you in advance

Ed

Labels:
0 Helpful
1 Reply 1

varrao
Level 10
Level 10

‎05-24-2012 11:24 AM

Hi,

In 8.4 nat, there is nothing as dynamic policy nat rules ,  static nat rules,  regular Dynamic PAT rules. There are only two types of Nat rules, Manual Nat and auto nat. If you do "show run nat", you would see the manual nat section first and then the auto nat section, the order is first manual nat is hit, top to bottom and then it moves to auto nat top to bottom.

Its just that when you migrated the config, the software converted them into those syntax. Although you can right a nat statement in both way if you want, like:

object network obj-10.1.1.1

  host 10.1.1.1                                               ------------------------------> AUTO NAT

  nat (inside,outside) dynamic interface                    

nat (inside,outside) source static obj-10.1.1.1 interface                  -----------------------------> MANUAL NAT

So the order of preference ony depends upon whether you have configured auto or manual nat.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card