Posted on 2011-09-23
Last Modified: 2012-05-12

My querie is rleated to Natting order and which one takes first if one PC haivnf multiple NAT rules.

Say my PC  is PATTED with Public iP address and at same time
Statically natted with DMZ1 ( security level 90) Ip address and
statically patted with DMZ2 interface (security level is 80) with
and also did NAT exemption i.e NAT0 and did static Identity NAT also

So if see the NAT xlate ,which one will take first ?
Pls provide a NAT-order in a undrstable manner to me

Question by:RAMU CH
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 83 total points
ID: 36586111
There is not really an order because these nat's are between different interfaces (networks). So There is no precedence, all these exist next to each other.
None 'takes first', the will be applied depending on which way the traffic flows.
LVL 33

Assisted Solution

MikeKane earned 83 total points
ID: 36587209
Ernie is correct, butI think the only exception to that rule is the NAT 0 where source and destination are specified.   NAT 0 is used for specific circumstances where you want certain traffic to bypass NAT all together.   NAT 0 is required for VPN connectivity because the NAT commands are evaluated before the crypto map match commands.  

LVL 12

Accepted Solution

jjmartineziii earned 84 total points
ID: 36590010

Author Closing Comment

ID: 36946809

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question