Posted on 2011-09-23
Last Modified: 2012-05-12

My querie is rleated to Natting order and which one takes first if one PC haivnf multiple NAT rules.

Say my PC  is PATTED with Public iP address and at same time
Statically natted with DMZ1 ( security level 90) Ip address and
statically patted with DMZ2 interface (security level is 80) with
and also did NAT exemption i.e NAT0 and did static Identity NAT also

So if see the NAT xlate ,which one will take first ?
Pls provide a NAT-order in a undrstable manner to me

Question by:RAMU CH
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 83 total points
ID: 36586111
There is not really an order because these nat's are between different interfaces (networks). So There is no precedence, all these exist next to each other.
None 'takes first', the will be applied depending on which way the traffic flows.
LVL 33

Assisted Solution

MikeKane earned 83 total points
ID: 36587209
Ernie is correct, butI think the only exception to that rule is the NAT 0 where source and destination are specified.   NAT 0 is used for specific circumstances where you want certain traffic to bypass NAT all together.   NAT 0 is required for VPN connectivity because the NAT commands are evaluated before the crypto map match commands.  

LVL 12

Accepted Solution

jjmartineziii earned 84 total points
ID: 36590010

Author Closing Comment

ID: 36946809

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question