Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

nat id order of priority

If I have multiple Nat's for the same interface, will they be matched in order by the lowest nat-id first (other than 0)

1 ACCEPTED SOLUTION

Accepted Solutions

Re: nat id order of priority

It will, but not because of nat-id order (I believe), it will because access list 2 is a longer match.

6 REPLIES

Re: nat id order of priority

New Member

Re: nat id order of priority

That list doesn't show the order of multiple nats.

I have:

nat (inside) 2 access-list list_1

nat (inside) 3 access-list list_2

access-list list_2 extended permit ip 10.100.0.0 255.255.0.0 host 65.1.1.1

access-list list_3 extended permit ip 10.100.0.0 255.255.0.0 any

will list 2 be used first if going to host 65.1.1.1 in EVERY case because the nat-id is lower than the other nat

thanks

carlos fernandez

Re: nat id order of priority

The NAT will match the global, which is mapped to the ACL. Are you saying you have multiple globals assigned to an interface and the ACL's have the same source and you want to know which will happen first?

New Member

Re: nat id order of priority

yes. forgot the global cmds

access-list list_2 extended permit ip 10.100.0.0 255.255.0.0 host 65.1.1.1

access-list list_3 extended permit ip 10.100.0.0 255.255.0.0 any

global (outside) 2 65.2.2.2

global (outside) 3 65.3.3.3

nat (inside) 2 access-list list_1

nat (inside) 3 access-list list_2

If I am trying to get to 65.1.1.1, will my global source always be 65.2.2.2 because of nat-id order

thanks,

carlos

Re: nat id order of priority

It will, but not because of nat-id order (I believe), it will because access list 2 is a longer match.

New Member

Re: nat id order of priority

just thought of this

what I need is

access-list list_3 extended deny ip 10.100.0.0 255.255.0.0 host 65.1.1.1

access-list list_3 extended permit ip 10.100.0.0 255.255.0.0 host 65.1.1.1

carlos

418
Views
0
Helpful
6
Replies