• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 498
  • Last Modified:

ASA-NAT Order

Hi,

My querie is rleated to Natting order and which one takes first if one PC haivnf multiple NAT rules.

Say my PC 172.16.10.22  is PATTED with Public iP address and at same time
Statically natted with DMZ1 ( security level 90) Ip address 172.17.1.22 and
statically patted with DMZ2 interface (security level is 80) with 172.17.2.22
and also did NAT exemption i.e NAT0 and did static Identity NAT also

So if see the NAT xlate ,which one will take first ?
Pls provide a NAT-order in a undrstable manner to me

Thanks
Ramu
 
0
RAMU CH
Asked:
RAMU CH
3 Solutions
 
Ernie BeekCommented:
There is not really an order because these nat's are between different interfaces (networks). So There is no precedence, all these exist next to each other.
None 'takes first', the will be applied depending on which way the traffic flows.
0
 
MikeKaneCommented:
Ernie is correct, butI think the only exception to that rule is the NAT 0 where source and destination are specified.   NAT 0 is used for specific circumstances where you want certain traffic to bypass NAT all together.   NAT 0 is required for VPN connectivity because the NAT commands are evaluated before the crypto map match commands.  

0
 
RAMU CHAuthor Commented:
Thnaks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now