Strange NAT/PAT behavior

Chess Norris — Thu, 10 Nov 2022 09:26:24 GMT

Hello,

We want to translate outgoing traffic to a specific public IP based on source interface and then use the outside Interface address as a backup if the PAT pool gets exhausted.

This is the configuration I’m using for this:

I have created a dynamic auto NAT rule, where I specified the source and destination interface. On the translation TAB, I use the internal addresses as original source and the Public address as translated source. Finally, on the advanced TAB I have enabled the option “Fallthrough to Interface PAT(Destination Interface)”

The strange thing is that the users are getting the Interface address instead of the address we specified as “translated source” I thought that the option “Fallthrough to Interface PAT(Destination Interface) mean that the interface address would only be used as a backup if the PAT pool gets exhausted. Am I wrong about this?

Thanks

/Chess

Re: Strange NAT/PAT behavior

MHM Cisco World — Sun, 13 Nov 2022 18:48:43 GMT

as I know from router IOS, the behave as following
the traffic port will check if the port is free for interface1 then ok
if the port is not free for interface 1 then the IOS will used the second interface and check it port is it free if yes then it will use interface2.
and I think this is same in FTD.

topic Re: Strange NAT/PAT behavior in Network Security

Strange NAT/PAT behavior

Re: Strange NAT/PAT behavior