Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Two NATs, same origin ASA 8.3

Hi, whats happens in ASA 8.3 if you have two NATs with the same origin (i.e 192.168.1.3) and different outside (i.e 10.10.10.5 and 10.10.11.5)?. In older release of ASA it works by position in list so the first NAt is the first applied. Works in ASA 8.3 in the same way??.

Thank you in advance

Regards

Samuel

Everyone's tags (4)
2 REPLIES
Super Bronze

Re: Two NATs, same origin ASA 8.3

For NAT in version 8.3, here is the NAT order of operation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1118157

With twice NAT, the order is as how it is entered in the configuration.

With network object NAT, it's static NAT takes precedence over dynamic NAT.

So from your description, I assume that you configure your policy NAT under twice NAT, so you are right. It is the same as the older version, ie: as you entered the NAT statements in the configuration.

Hope that helps.

Cisco Employee

Re: Two NATs, same origin ASA 8.3

To add to hajelins answer, it should work in 8.3 also.

The syntax will change automatically when you migrate/upgrade.

but translating an ip address based on the destination ip address is still do-able.

I hope it helps.

PK

1157
Views
0
Helpful
2
Replies