
NAT rules clarification

Hi all,

I understand the concept of NAT and why it is used.  However, I am a bit confused given the following command: 

object network obj-internal
nat (inside,outside) dynamic interface

Please correct me if I am wrong, but so far I understand that this command creates a network object named "obj-internal", and creates a rule for traffic from the inside interface to the outside interface.  However, I am confused with the dynamic interface portion.  Could somebody please elaborate more on the meaning/use of this part?  All help is greatly appreciated.

1 ACCEPTED SOLUTION


To create an object you also need a definition of what this object is. So you also need something like a host- or a subnet-statement.

For this object you want to specify how the internal IP addresses (on the inside network) are translated when communicating with the outside network. The NAT-command in your example uses a dynamic translation (in contrast to static NAT that is typically used for outside-to-inside traffic or when an inside host should always get the same IP on the outside) that always uses the outside IP-address of the ASA. So regardless of which internal host communicates to outside, they all show up with that one IP on the destination-system.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
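
The behaviour described in the answer, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of an object defined by a subnet with `nat (inside,outside) dynamic interface` applied. The class name `InterfacePat`, the addresses and the sequential port allocation are assumptions made for illustration.

```python
import ipaddress


class InterfacePat:
    """Simplified model of 'nat (inside,outside) dynamic interface' (not ASA code)."""

    def __init__(self, object_subnet, outside_ip, first_port=1024):
        self.subnet = ipaddress.ip_network(object_subnet)  # the object's subnet statement
        self.outside_ip = outside_ip       # IP address of the outside interface
        self.next_port = first_port        # assumed allocation scheme: next free port
        self.out_map = {}                  # (inside_ip, inside_port) -> mapped port
        self.in_map = {}                   # mapped port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Translate an inside->outside flow; return the (ip, port) the destination sees."""
        if ipaddress.ip_address(src_ip) not in self.subnet:
            return None  # source is not covered by the object, so the rule does not apply
        key = (src_ip, src_port)
        if key not in self.out_map:
            if self.next_port > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.outside_ip, self.out_map[key])

    def inbound(self, dst_port):
        """Map return traffic to the inside host; None when no translation exists."""
        return self.in_map.get(dst_port)


def demo():
    # Constructed addresses: RFC 1918 inside subnet, RFC 5737 outside address.
    pat = InterfacePat("192.168.10.0/24", "203.0.113.1")
    a = pat.outbound("192.168.10.11", 51000)
    b = pat.outbound("192.168.10.12", 51000)
    return {
        "host_a": a,                                   # both hosts share one outside IP
        "host_b": b,                                   # and differ only by mapped port
        "reply_to_b": pat.inbound(b[1]),               # return traffic finds host B
        "unsolicited": pat.inbound(4444),              # no translation entry -> no inside host
        "outside_object": pat.outbound("10.9.9.9", 51000),  # not in the object's subnet
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because translations exist only after an inside host has opened a flow, an outside system cannot address a particular inside host through this rule, which is why the answer points to static NAT for outside-to-inside traffic.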

